From 2d65b94df3e672700562a15f6efeb3bfa628f6f3 Mon Sep 17 00:00:00 2001
From: Livio Amstutz <livio.a@gmail.com>
Date: Mon, 29 Mar 2021 14:50:58 +0200
Subject: [PATCH] fix: handle possible nil pointer (#1491)

---
 internal/api/oidc/auth_request.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index 5932cd582b..c10d08b30f 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -83,13 +83,14 @@ func (o *OPStorage) DeleteAuthRequest(ctx context.Context, id string) (err error
 func (o *OPStorage) CreateToken(ctx context.Context, req op.TokenRequest) (_ string, _ time.Time, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
-	var userAgentID, applicationID string
+	var userAgentID, applicationID, userOrgID string
 	authReq, ok := req.(*AuthRequest)
 	if ok {
 		userAgentID = authReq.AgentID
 		applicationID = authReq.ApplicationID
+		userOrgID = authReq.UserOrgID
 	}
-	resp, err := o.command.AddUserToken(ctx, authReq.UserOrgID, userAgentID, applicationID, req.GetSubject(), req.GetAudience(), req.GetScopes(), o.defaultAccessTokenLifetime) //PLANNED: lifetime from client
+	resp, err := o.command.AddUserToken(ctx, userOrgID, userAgentID, applicationID, req.GetSubject(), req.GetAudience(), req.GetScopes(), o.defaultAccessTokenLifetime) //PLANNED: lifetime from client
 	if err != nil {
 		return "", time.Time{}, err
 	}