diff --git a/src/services.js b/src/services.js
index 28082f98c..d56d6b924 100644
--- a/src/services.js
+++ b/src/services.js
@@ -2037,24 +2037,25 @@ async function getDynamicEnvironmentOidc(app, options) { assert.strictEqual(typeof app, 'object'); assert.strictEqual(typeof options, 'object'); - const tmp = {}; - const { fqdn:dashboardFqdn } = await dashboard.getLocation(); - if (app.sso && app.manifest.addons['oidc']) { - tmp['CLOUDRON_OIDC_DISCOVERY_URL'] = `https://${dashboardFqdn}/openid/.well-known/openid-configuration`; - tmp['CLOUDRON_OIDC_ISSUER'] = `https://${dashboardFqdn}/openid`; - tmp['CLOUDRON_OIDC_AUTH_ENDPOINT'] = `https://${dashboardFqdn}/openid/auth`; - tmp['CLOUDRON_OIDC_TOKEN_ENDPOINT'] = `https://${dashboardFqdn}/openid/token`; - tmp['CLOUDRON_OIDC_KEYS_ENDPOINT'] = `https://${dashboardFqdn}/openid/jwks`; - tmp['CLOUDRON_OIDC_PROFILE_ENDPOINT'] = `https://${dashboardFqdn}/openid/me`; - // following is only available if rpInitiatedLogout would be enabled https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#featuresrpinitiatedlogout - // tmp['CLOUDRON_OIDC_LOGOUT_URL'] = `https://${dashboardFqdn}/openid/session/end`; + if (!app.sso) return {}; - const client = await oidc.clients.get(app.id); - tmp['CLOUDRON_OIDC_CLIENT_ID'] = client.id; - tmp['CLOUDRON_OIDC_CLIENT_SECRET'] = client.secret; - } + const client = await oidc.clients.get(app.id); + if (!client) throw new BoxError(BoxError.NOT_FOUND, `OIDC client for ${app.id} has not been allocated yet`); // happens with overzealous scheduler logic + + const tmp = {}; + tmp['CLOUDRON_OIDC_DISCOVERY_URL'] = `https://${dashboardFqdn}/openid/.well-known/openid-configuration`; + tmp['CLOUDRON_OIDC_ISSUER'] = `https://${dashboardFqdn}/openid`; + tmp['CLOUDRON_OIDC_AUTH_ENDPOINT'] = `https://${dashboardFqdn}/openid/auth`; + tmp['CLOUDRON_OIDC_TOKEN_ENDPOINT'] = `https://${dashboardFqdn}/openid/token`; + tmp['CLOUDRON_OIDC_KEYS_ENDPOINT'] = `https://${dashboardFqdn}/openid/jwks`; + tmp['CLOUDRON_OIDC_PROFILE_ENDPOINT'] = `https://${dashboardFqdn}/openid/me`; + // following is only available if rpInitiatedLogout 
would be enabled https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#featuresrpinitiatedlogout + // tmp['CLOUDRON_OIDC_LOGOUT_URL'] = `https://${dashboardFqdn}/openid/session/end`; + + tmp['CLOUDRON_OIDC_CLIENT_ID'] = client.id; + tmp['CLOUDRON_OIDC_CLIENT_SECRET'] = client.secret; return tmp; }
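Review bot: The new early return checks only `app.sso`, whereas the removed guard also required `app.manifest.addons['oidc']`. An app with SSO enabled that does not declare the oidc addon previously got an empty environment; it now reaches `oidc.clients.get(app.id)` and throws `BoxError.NOT_FOUND` if no client was ever allocated for it. Unless every caller already invokes this function only for apps with the oidc addon (not visible in this hunk), keep both conditions: `if (!app.sso || !app.manifest.addons['oidc']) return {};`. A doc comment above the function should also state that it throws `BoxError.NOT_FOUND` when the client is missing, so callers know to retry rather than start the container without `CLOUDRON_OIDC_CLIENT_ID` and `CLOUDRON_OIDC_CLIENT_SECRET`. The signature line is visible only in the hunk header.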