diff --git a/src/shared/guards/tokenRoles.guard.ts b/src/shared/guards/tokenRoles.guard.ts
index d340733..27c9da1 100644
--- a/src/shared/guards/tokenRoles.guard.ts
+++ b/src/shared/guards/tokenRoles.guard.ts
@@ -37,7 +37,11 @@ export class TokenRolesGuard implements CanActivate {
 const request = context.switchToHttp().getRequest();
 try {
- const user = request['user'] ?? {};
+ const user = request['user'];
+
+ if (!user && (requiredRoles.length || requiredScopes.length)) {
+ throw new UnauthorizedException('Missing or invalid token!');
+ }
 // Check role-based access for regular users
 if (user.roles && requiredRoles.length > 0) {
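Review bot: With the `?? {}` fallback removed, `user` can still be undefined past the new guard whenever both `requiredRoles` and `requiredScopes` are empty, and the context line `if (user.roles && requiredRoles.length > 0) {` then dereferences it and throws a TypeError. Unless the guard returns earlier for handlers with no role or scope metadata (not visible in this hunk), unauthenticated requests to such routes would land in the `catch` of the enclosing `try`, whose handling is also outside the hunk, so the outcome could be a 500 or a misleading denial instead of a pass-through. I would make the later checks null-safe, e.g. `if (user?.roles && requiredRoles.length > 0) {`, or handle the no-requirement case explicitly right after the new check. A short comment such as `// No principal on the request: reject only when the handler declares roles or scopes` above the new `if` would document the fail-closed intent.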