From f40a07feebb6ac31244eeff6110b38ee71bd94f8 Mon Sep 17 00:00:00 2001
From: Livio Amstutz <livio.a@gmail.com>
Date: Thu, 15 Oct 2020 12:42:04 +0200
Subject: [PATCH] fix: possible nil pointer on userinfo

---
 pkg/op/userinfo.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/op/userinfo.go b/pkg/op/userinfo.go
index 1798be5..2362e4f 100644
--- a/pkg/op/userinfo.go
+++ b/pkg/op/userinfo.go
@@ -33,6 +33,10 @@ func Userinfo(w http.ResponseWriter, r *http.Request, userinfoProvider UserinfoP
 		return
 	}
 	splittedToken := strings.Split(tokenIDSubject, ":")
+	if len(splittedToken) != 2 {
+		http.Error(w, "access token invalid", http.StatusUnauthorized)
+		return
+	}
 	info, err := userinfoProvider.Storage().GetUserinfoFromToken(r.Context(), splittedToken[0], splittedToken[1], r.Header.Get("origin"))
 	if err != nil {
 		w.WriteHeader(http.StatusForbidden)