diff --git a/api/auth/auth_jwt.py b/api/auth/auth_jwt.py
index 1ac8d5d79..4eff80789 100644
--- a/api/auth/auth_jwt.py
+++ b/api/auth/auth_jwt.py
@@ -19,10 +19,14 @@ class JWTAuth(HTTPBearer):
 if not credentials.scheme == "Bearer":
 raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid authentication scheme.")
 jwt_payload = authorizers.jwt_authorizer(credentials.scheme + " " + credentials.credentials)
+ auth_exists = jwt_payload is not None \
+ and users.auth_exists(user_id=jwt_payload.get("userId", -1),
+ tenant_id=jwt_payload.get("tenantId", -1),
+ jwt_iat=jwt_payload.get("iat", 100),
+ jwt_aud=jwt_payload.get("aud", ""))
 if jwt_payload is None \
 or jwt_payload.get("iat") is None or jwt_payload.get("aud") is None \
- or not users.auth_exists(user_id=jwt_payload["userId"], tenant_id=jwt_payload["tenantId"],
- jwt_iat=jwt_payload["iat"], jwt_aud=jwt_payload["aud"]):
+ or not auth_exists:
 print("JWTAuth: Token issue")
 if jwt_payload is not None:
 print(jwt_payload)
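Review bot: The added `auth_exists = ...` assignment is evaluated eagerly, so `users.auth_exists` (which, judging by the `cur.fetchone()` in the `auth_exists` hunks below, queries the user store) now runs even for payloads that the following `if` rejects outright for a missing `iat` or `aud`, and in that case it is called with the placeholder values `-1`, `100` and `""`. Folding the presence checks into the expression keeps the original short-circuit: `auth_exists = jwt_payload is not None and jwt_payload.get("iat") is not None and jwt_payload.get("aud") is not None \` followed by the existing `and users.auth_exists(...)` call. As far as this hunk shows, the outer `if` still rejects a payload without `iat`, so the `100` placeholder cannot reach the accept path, but that guarantee is now split across two statements; a short comment such as `# placeholders only reach auth_exists for payloads the check below rejects anyway` would make it explicit. The enclosing method starts outside the hunk.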
@@ -34,21 +38,19 @@ class JWTAuth(HTTPBearer):
 print("JWTAuth: iat is None")
 if jwt_payload is not None and jwt_payload.get("aud") is None:
 print("JWTAuth: aud is None")
- if jwt_payload is not None and \
- not users.auth_exists(user_id=jwt_payload["userId"], tenant_id=jwt_payload["tenantId"],
- jwt_iat=jwt_payload["iat"], jwt_aud=jwt_payload["aud"]):
+ if jwt_payload is not None and not auth_exists:
 print("JWTAuth: not users.auth_exists")
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
- user = users.get(user_id=jwt_payload["userId"], tenant_id=jwt_payload["tenantId"])
+ user = users.get(user_id=jwt_payload.get("userId", -1), tenant_id=jwt_payload.get("tenantId", -1))
 if user is None:
 print("JWTAuth: User not found.")
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User not found.")
 jwt_payload["authorizer_identity"] = "jwt"
 print(jwt_payload)
 request.state.authorizer_identity = "jwt"
- request.state.currentContext = CurrentContext(tenant_id=jwt_payload["tenantId"],
- user_id=jwt_payload["userId"],
+ request.state.currentContext = CurrentContext(tenant_id=jwt_payload.get("tenantId", -1),
+ user_id=jwt_payload.get("userId", -1),
 email=user["email"])
 return request.state.currentContext
diff --git a/api/chalicelib/core/users.py b/api/chalicelib/core/users.py
index 40cc0f7db..3a4067f68 100644
--- a/api/chalicelib/core/users.py
+++ b/api/chalicelib/core/users.py
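Review bot: `jwt_payload.get("userId", -1)` and `jwt_payload.get("tenantId", -1)` are each spelled out twice in this hunk (the `users.get` call and the `CurrentContext` construction) and twice more in the previous hunk, so the `-1` sentinel lives in four places. Binding them once, `user_id = jwt_payload.get("userId", -1)` and `tenant_id = jwt_payload.get("tenantId", -1)`, and passing the names to `users.get` and `CurrentContext` keeps the sentinel and its meaning in one spot; a comment on that binding saying what `-1` stands for would help, since this hunk does not show what `users.get` does with it. The unchanged `print(jwt_payload)` in this hunk and the previous one still write every token's full claim set to stdout; routing those through a logger at debug level would keep claim contents out of production output. The enclosing method starts outside the hunk.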
@@ -564,13 +564,13 @@ def auth_exists(user_id, tenant_id, jwt_iat, jwt_aud):
 {"userId": user_id})
 )
 r = cur.fetchone()
- return r is not None \
- and r.get("jwt_iat") is not None \
- and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \
- or (jwt_aud.startswith("plugin") \
- and (r["changed_at"] is None \
- or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000)))
- )
+ return r is not None \
+ and r.get("jwt_iat") is not None \
+ and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \
+ or (jwt_aud.startswith("plugin") \
+ and (r["changed_at"] is None \
+ or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000)))
+ )
 def authenticate(email, password, for_change_password=False, for_plugin=False):
diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py
index cf2a808e7..5d28dc395 100644
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@@ -613,13 +613,13 @@ def auth_exists(user_id, tenant_id, jwt_iat, jwt_aud):
 {"userId": user_id, "tenant_id": tenant_id})
 )
 r = cur.fetchone()
- return r is not None \
- and r.get("jwt_iat") is not None \
- and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \
- or (jwt_aud.startswith("plugin") \
- and (r["changed_at"] is None \
- or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000)))
- )
+ return r is not None \
+ and r.get("jwt_iat") is not None \
+ and (abs(jwt_iat - TimeUTC.datetime_to_timestamp(r["jwt_iat"]) // 1000) <= 1 \
+ or (jwt_aud.startswith("plugin") \
+ and (r["changed_at"] is None \
+ or jwt_iat >= (TimeUTC.datetime_to_timestamp(r["changed_at"]) // 1000)))
+ )
 def change_jwt_iat(user_id):