diff --git a/lib/auth/open_id_authenticator.rb b/lib/auth/open_id_authenticator.rb
index b0eb8065802..04f2764a9cd 100644
--- a/lib/auth/open_id_authenticator.rb
+++ b/lib/auth/open_id_authenticator.rb
@@ -9,13 +9,14 @@ class Auth::OpenIdAuthenticator < Auth::Authenticator
   end
 
   def after_authenticate(auth_token)
-
     result = Auth::Result.new
 
     data = auth_token[:info]
     identity_url = auth_token[:extra][:response].identity_url
     result.email = email = data[:email]
 
+    raise Discourse::InvalidParameters.new(:email) if email.blank?
+
     # If the auth supplies a name / username, use those. Otherwise start with email.
     result.name = data[:name] || data[:email]
     result.username = data[:nickname] || data[:email]
diff --git a/spec/components/auth/open_id_authenticator_spec.rb b/spec/components/auth/open_id_authenticator_spec.rb
index 9f2158d8785..df89c0748f0 100644
--- a/spec/components/auth/open_id_authenticator_spec.rb
+++ b/spec/components/auth/open_id_authenticator_spec.rb
@@ -16,4 +16,10 @@ describe Auth::OpenIdAuthenticator do
     result = auth.after_authenticate(info: {email: user.email}, extra: {response: response})
     result.user.should == user
   end
+
+  it "raises an exception when email is missing" do
+    auth = Auth::OpenIdAuthenticator.new("test", "id", trusted: true)
+    response = OpenStruct.new(identity_url: 'abc')
+    -> { auth.after_authenticate(info: {}, extra: { response: response }) }.should raise_error(Discourse::InvalidParameters)
+  end
 end