diff --git a/moto/cognitoidp/models.py b/moto/cognitoidp/models.py
index de395bb28..577c347b2 100644
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@@ -579,6 +579,8 @@ class CognitoIdpUserPool(BaseModel):
 return access_token, expires_in
 
 def create_tokens_from_refresh_token(self, refresh_token):
+ if self.refresh_tokens.get(refresh_token) is None:
+ raise NotAuthorizedError(refresh_token)
 client_id, username = self.refresh_tokens.get(refresh_token)
 if not username:
 raise NotAuthorizedError(refresh_token)
diff --git a/tests/test_cognitoidp/test_cognitoidp_exceptions.py b/tests/test_cognitoidp/test_cognitoidp_exceptions.py
new file mode 100644
index 000000000..f9452ee35
--- /dev/null
+++ b/tests/test_cognitoidp/test_cognitoidp_exceptions.py
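Review bot: The new guard in create_tokens_from_refresh_token looks the token up in self.refresh_tokens and the very next context line looks it up again, so an unknown or revoked token is now checked twice while a known one still pays for two lookups; a single lookup reads more clearly and removes the duplication, e.g. `entry = self.refresh_tokens.get(refresh_token)` / `if entry is None: raise NotAuthorizedError(refresh_token)` / `client_id, username = entry`. The added raise, like the existing one two lines below it, passes the refresh token itself as the error argument — if NotAuthorizedError surfaces that value in its message, the mock echoes a credential back to the caller, which is worth confirming against what the real service reports before copying the pattern further. A one-line comment such as `# a refresh token removed by global sign-out is no longer valid` would document why None is treated as unauthorized rather than as a programming error. The body of create_tokens_from_refresh_token continues past the end of this hunk.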
@@ -0,0 +1,48 @@
+from unittest import TestCase
+
+import boto3
+from moto import mock_cognitoidp
+from botocore.exceptions import ClientError
+
+
+@mock_cognitoidp
+class TestCognitoUserDeleter(TestCase):
+ def setUp(self) -> None:
+ self.client = boto3.client("cognito-idp", "us-east-1")
+
+ self.pool_id = self.client.create_user_pool(PoolName="test")["UserPool"]["Id"]
+
+ self.client_id = self.client.create_user_pool_client(
+ UserPoolId=self.pool_id, ClientName="test-client"
+ )["UserPoolClient"]["ClientId"]
+
+ def test_authenticate_with_signed_out_user(self):
+ self.client.admin_create_user(
+ UserPoolId=self.pool_id, Username="foo", TemporaryPassword="bar"
+ )
+
+ self.client.admin_set_user_password(
+ UserPoolId=self.pool_id, Username="foo", Password="bar", Permanent=True
+ )
+
+ response = self.client.admin_initiate_auth(
+ UserPoolId=self.pool_id,
+ ClientId=self.client_id,
+ AuthFlow="ADMIN_USER_PASSWORD_AUTH",
+ AuthParameters={"USERNAME": "foo", "PASSWORD": "bar"},
+ )
+
+ refresh_token = response["AuthenticationResult"]["RefreshToken"]
+
+ self.client.admin_user_global_sign_out(UserPoolId=self.pool_id, Username="foo")
+
+ with self.assertRaises(ClientError) as exc:
+ self.client.admin_initiate_auth(
+ UserPoolId=self.pool_id,
+ ClientId=self.client_id,
+ AuthFlow="REFRESH_TOKEN",
+ AuthParameters={
+ "REFRESH_TOKEN": refresh_token,
+ },
+ )
+ exc.exception.response["Error"]["Code"].should.equal("NotAuthorizedException")
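Review bot: The class name `TestCognitoUserDeleter` does not describe what this test exercises — nothing is deleted; it checks that a refresh token is rejected after admin_user_global_sign_out — so a name matching the new module, e.g. `class TestCognitoIdpExceptions(TestCase):`, would help the next reader find it. The final assertion mixes the unittest.TestCase style used for assertRaises with a `.should.equal` chain on the response dict; within a TestCase `self.assertEqual(exc.exception.response["Error"]["Code"], "NotAuthorizedException")` keeps one assertion style and does not depend on the monkey-patched `.should` attribute being present. A short docstring on test_authenticate_with_signed_out_user stating the expectation — a refresh token issued before a global sign-out must not mint new tokens afterwards — would make the security property under test explicit.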