diff --git a/pkg/handler/handler_default.go b/pkg/handler/handler_default.go
index 12ef318..ae23683 100644
--- a/pkg/handler/handler_default.go
+++ b/pkg/handler/handler_default.go
@@ -13,11 +13,8 @@ func (h *Handler) Default(w http.ResponseWriter, r *http.Request) {
 	logger := logentry.LogEntry(r).WithField("request_path", r.URL.Path)
 	isAuthenticated := false
 
-	sessionData, err := h.getSessionFromCookie(w, r)
-
-	hasSessionData := err == nil && sessionData != nil
-	hasAccessToken := hasSessionData && len(sessionData.AccessToken) > 0
-	if hasAccessToken {
+	accessToken, ok := h.accessToken(w, r)
+	if ok {
 		// add authentication if session cookie and token checks out
 		isAuthenticated = true
 
@@ -41,12 +38,21 @@ func (h *Handler) Default(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
 	if isAuthenticated {
-		ctx = withAccessToken(ctx, sessionData.AccessToken)
+		ctx = withAccessToken(ctx, accessToken)
 	}
 
 	h.ReverseProxy.ServeHTTP(w, r.WithContext(ctx))
 }
 
+func (h *Handler) accessToken(w http.ResponseWriter, r *http.Request) (string, bool) {
+	sessionData, err := h.getSessionFromCookie(w, r)
+	if err != nil || sessionData == nil || len(sessionData.AccessToken) == 0 {
+		return "", false
+	}
+
+	return sessionData.AccessToken, true
+}
+
 type contextKey string
 
 const (