diff --git a/authorize/check_response.go b/authorize/check_response.go
index fe889075d..788d803e5 100644
--- a/authorize/check_response.go
+++ b/authorize/check_response.go
@@ -23,7 +23,6 @@ func (a *Authorize) okResponse(
 	rawSession []byte,
 	isNewSession bool,
 ) *envoy_service_auth_v2.CheckResponse {
-
 	requestHeaders, err := a.getEnvoyRequestHeaders(rawSession, isNewSession)
 	if err != nil {
 		log.Warn().Err(err).Msg("authorize: error generating new request headers")
diff --git a/authorize/session.go b/authorize/session.go
index 7f6921dff..8d41abd6f 100644
--- a/authorize/session.go
+++ b/authorize/session.go
@@ -77,6 +77,10 @@ func getJWTSetCookieHeaders(cookieStore sessions.SessionStore, rawjwt []byte) (m
 }
 
 func getJWTClaimHeaders(options config.Options, encoder encoding.MarshalUnmarshaler, rawjwt []byte) (map[string]string, error) {
+	if len(rawjwt) == 0 {
+		return make(map[string]string), nil
+	}
+
 	var claims map[string]jwtClaim
 	err := encoder.Unmarshal(rawjwt, &claims)
 	if err != nil {