diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
index e1aa17bcd71a..847f09f0eb89 100644
--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@@ -71,8 +71,12 @@ func OAuthLogin(ctx *middleware.Context) {
 return
 }
 
- // verify state string
- savedState := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string)
+ savedState, ok := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string)
+ if !ok {
+ ctx.Handle(500, "login.OAuthLogin(missing saved state)", nil)
+ return
+ }
+
 queryState := ctx.Query("state")
 if savedState != queryState {
 ctx.Handle(500, "login.OAuthLogin(state mismatch)", nil)
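Review bot: The new `!ok` branch reports a missing saved state as a 500, but any client can reach it by requesting the callback without a session that started the login (expired cookie, replayed or forged callback URL), so it is a rejected request rather than a server fault; a 4xx such as `ctx.Handle(400, "login.OAuthLogin(missing saved state)", nil)` would keep it out of server-error alerting. The same applies to the existing state-mismatch branch just below it. The type assertion also succeeds for an empty string, so it would be safer to treat that as missing too, `if !ok || savedState == "" {`, so that an empty stored value can never compare equal to an absent `state` query parameter; whether the session can ever hold an empty state depends on code outside this hunk. OAuthLogin starts before the hunk and continues past it.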