diff --git a/src/Two/AbstractProvider.php b/src/Two/AbstractProvider.php
index 4dfb7c75..8af721f6 100644
--- a/src/Two/AbstractProvider.php
+++ b/src/Two/AbstractProvider.php
@@ -239,6 +239,10 @@ public function user()
 $response = $this->getAccessTokenResponse($this->getCode());
+ if (! is_array($response) || ! Arr::has($response, 'access_token')) {
+ throw new InvalidTokenResponseException;
+ }
+
 $user = $this->getUserByToken(Arr::get($response, 'access_token'));
 return $this->userInstance($response, $user);
diff --git a/src/Two/InvalidTokenResponseException.php b/src/Two/InvalidTokenResponseException.php
new file mode 100644
index 00000000..8946bef7
--- /dev/null
+++ b/src/Two/InvalidTokenResponseException.php
@@ -0,0 +1,10 @@ +assertSame($user->id, $provider->user()->id); }
+ public function testExceptionIsThrownIfAccessTokenIsMissing()
+ {
+ $this->expectException(InvalidTokenResponseException::class);
+
+ $request = Request::create('foo', 'GET', ['state' => str_repeat('A', 40), 'code' => 'code']);
+ $request->setLaravelSession($session = m::mock(Session::class));
+ $session->expects('pull')->with('state')->andReturns(str_repeat('A', 40));
+ $provider = new OAuthTwoTestProviderStub($request, 'client_id', 'client_secret', 'redirect_uri');
+ $provider->http = m::mock(stdClass::class);
+ $provider->http->expects('post')->with('http://token.url', [
+ 'headers' => ['Accept' => 'application/json'], 'form_params' => ['grant_type' => 'authorization_code', 'client_id' => 'client_id', 'client_secret' => 'client_secret', 'code' => 'code', 'redirect_uri' => 'redirect_uri'],
+ ])->andReturns($response = m::mock(stdClass::class));
+ $response->expects('getBody')->andReturns('::invalid_response::');
+ $provider->user();
+ }
+
 public function testUserReturnsAUserInstanceForTheAuthenticatedFacebookRequest()
 {
 $request = Request::create('foo', 'GET', ['state' => str_repeat('A', 40), 'code' => 'code']);
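Review bot: The new guard in user() only rejects a missing key, because Arr::has() reports true whenever the key exists, so a token response carrying `"access_token": null` or `""` still passes and getUserByToken() is invoked with an empty bearer token; the check should validate the value as well, e.g. `$token = Arr::get($response, 'access_token');` followed by `if (! is_array($response) || ! is_string($token) || $token === '') {`. The exception is also thrown bare (`throw new InvalidTokenResponseException;`), so callers get no hint of what went wrong; a fixed message such as `throw new InvalidTokenResponseException('Token response did not contain a usable access_token.');` is enough, and deliberately omitting the raw response body keeps any partial credentials out of logs. Minor style point: the project's PSR-12 form is `new InvalidTokenResponseException()` with parentheses. The enclosing user() method opens before this hunk, so any earlier state checks it performs are not visible here.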