diff --git a/core/server/auth/auth-strategies.js b/core/server/auth/auth-strategies.js
index 1547516212..ab15d7687e 100644
--- a/core/server/auth/auth-strategies.js
+++ b/core/server/auth/auth-strategies.js
@@ -69,14 +69,19 @@ strategies = {
 * - via invite token
 * - via normal auth
 * - via setup
- *
- * @TODO: validate GhostAuth profile?
 */
 ghostStrategy: function ghostStrategy(req, ghostAuthAccessToken, ghostAuthRefreshToken, profile, done) {
 var inviteToken = req.body.inviteToken,
 options = {context: {internal: true}},
 handleInviteToken, handleSetup;
+ // CASE: socket hangs up for example
+ if (!ghostAuthAccessToken || !profile) {
+ return done(new errors.NoPermissionError({
+ help: 'Please try again.'
+ }));
+ }
+ handleInviteToken = function handleInviteToken() {
 var user, invite;
 inviteToken = utils.decodeBase64URLsafe(inviteToken);
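Review bot: The new guard in `ghostStrategy` only tests that `ghostAuthAccessToken` and `profile` are truthy, yet the same commit deletes the `@TODO: validate GhostAuth profile?` line, so a profile object that is present but lacks the fields the handlers rely on still passes. Which fields `handleInviteToken` and `handleSetup` read is outside this hunk, so either check them here or keep a narrowed reminder such as `// @TODO: validate GhostAuth profile fields (only presence is checked)`. The error is also built with `help` alone, which makes a dropped upstream connection hard to tell apart from a real permission denial in logs; a `context` value naming which of the two inputs was missing would help triage. The function body continues past the end of the hunk.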