diff --git a/internal/pkg/auth/user_token_flow.go b/internal/pkg/auth/user_token_flow.go
index 8a49c6b45..215db2fa3 100644
--- a/internal/pkg/auth/user_token_flow.go
+++ b/internal/pkg/auth/user_token_flow.go
@@ -118,6 +118,8 @@ func TokenExpired(token string) (bool, error) {
 	expirationTimestampNumeric, err := tokenParsed.Claims.GetExpirationTime()
 	if err != nil {
 		return false, fmt.Errorf("get expiration timestamp from access token: %w", err)
+	} else if expirationTimestampNumeric == nil {
+		return false, nil
 	}
 	expirationTimestamp := expirationTimestampNumeric.Time
 	now := time.Now()
diff --git a/internal/pkg/auth/user_token_flow_test.go b/internal/pkg/auth/user_token_flow_test.go
index 6aeac368f..cd31350ad 100644
--- a/internal/pkg/auth/user_token_flow_test.go
+++ b/internal/pkg/auth/user_token_flow_test.go
@@ -381,3 +381,40 @@ func createTokens(accessTokenExpiresAt, refreshTokenExpiresAt time.Time) (access
 
 	return accessToken, refreshToken, nil
 }
+
+func TestTokenExpired(t *testing.T) {
+	tests := []struct {
+		desc     string
+		token    string
+		expected bool
+	}{
+		{
+			desc:     "token without exp",
+			token:    `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c`,
+			expected: false,
+		},
+		{
+			desc:     "exp 0",
+			token:    `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjB9.rIhVGrtR0B0gUYPZDnB6LZ_w7zckH_9qFZBWG4rCkRY`,
+			expected: true,
+		},
+		{
+			desc:     "exp 9007199254740991",
+			token:    `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjIyNTc2MDkwNzExMTExMTExfQ.aStshPjoSKTIcBeESbLJWvbMVuw-XWInXcf1P7tiWaE`,
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.desc, func(t *testing.T) {
+			actual, err := TokenExpired(tt.token)
+			if err != nil {
+				t.Fatalf("TokenExpired() error = %v", err)
+			}
+
+			if actual != tt.expected {
+				t.Errorf("TokenExpired() = %v, want %v", actual, tt.expected)
+			}
+		})
+	}
+}