diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index dc190fa83..c51c7cf9c 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -154,7 +154,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	    	//Add approved site reference, if any
 		    StoredOAuth2Request originalAuthRequest = authHolder.getAuthentication().getStoredRequest();
 			
-	    	if (originalAuthRequest.getExtensionProperties().containsKey("approved_site")) {
+	    	if (originalAuthRequest.getExtensionProperties() != null && originalAuthRequest.getExtensionProperties().containsKey("approved_site")) {
 				
 				Long apId = (Long) originalAuthRequest.getExtensionProperties().get("approved_site");
 				ApprovedSite ap = approvedSiteService.getById(apId);