diff --git a/src/config.rs b/src/config.rs
index 0c6a0f6fb123a5304dad712c04fe360ce0f7c7ff..218f72eeec0a0c2f62529ae0b7f8943e90550ca5 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -15,6 +15,9 @@
 
 use serde::de::Deserialize;
 
+use pamsm::PamError;
+use libnss::interop::Response;
+
 extern crate config;
 
 const DEFAULT_CONFIG_FILE: &str = "/etc/nss_pam_oidc";
@@ -69,3 +72,21 @@ pub fn get_optional<'de, T: Deserialize<'de>>(conf: &config::Config, key: &str)
         },
     }
 }
+
+enum DesiredError {
+    Response,
+    PamError
+}
+
+pub fn get_or_error<'de, T: Deserialize<'de>>(config: &config::Config, key: &str, error_value: DesiredError) -> Result<T, Response> {
+    match get_optional(config, key) {
+        Some(v) => {
+            debug!("Configuration key found: {}", key);
+            return Ok(v);
+        },
+        None => {
+            error!("Configuration key not found: {}", key);
+            return Err(error_value);
+        },
+    }
+}
diff --git a/src/nss.rs b/src/nss.rs
index 9eeb5b96042cfb4dcad20d14cd5e9fd647c13c67..c321cb86cdad26454d9f9698fb9daf5546a366a4 100644
--- a/src/nss.rs
+++ b/src/nss.rs
@@ -15,14 +15,13 @@
 
 use crate::config::{
     get_config,
-    get_optional
+    get_optional,
+    get_or_error
 };
 use config::Config;
 
 use crate::logging::setup_log;
 
-use serde::de::Deserialize;
-
 use oauth2::{
     AuthUrl,
     ClientId,
@@ -38,19 +37,6 @@ use oauth2::reqwest::http_client;
 use libnss::interop::Response;
 use libnss::passwd::{PasswdHooks, Passwd};
 
-fn get_or_nss_error<'de, T: Deserialize<'de>>(config: &Config, key: &str) -> Result<T, Response> {
-    match get_optional(config, key) {
-        Some(v) => {
-            debug!("Configuration key found: {}", key);
-            return Ok(v);
-        },
-        None => {
-            error!("Configuration key not found: {}", key);
-            return Err(Response::Unavail);
-        },
-    }
-}
-
 fn nss_hook_prepare() -> Config {
     let conf = get_config(None);
 
@@ -64,12 +50,12 @@ fn nss_hook_prepare() -> Config {
 }
 
 fn get_bearer_token(config: Config) -> Result<String, Response> {
-    let client_id = ClientId::new(get_or_nss_error(&config, "nss.client_id")?);
+    let client_id = ClientId::new(get_or_error(&config, "nss.client_id", Response::Unavail)?);
     let client_secret = match get_optional(&config, "nss.client_secret") {
         Some(v) => Some(ClientSecret::new(v)),
         None => None,
     };
-    let auth_url = match AuthUrl::new(get_or_nss_error(&config, "nss.auth_url")?) {
+    let auth_url = match AuthUrl::new(get_or_error(&config, "nss.auth_url", Response::Unavail)?) {
         Ok(u) => u,
         _ => {
             error!("Could not parse authorization URL");
@@ -86,7 +72,7 @@ fn get_bearer_token(config: Config) -> Result<String, Response> {
         },
         None => None,
     };
-    let scopes: Vec<&str> = get_or_nss_error(&config, "nss.scopes")?;
+    let scopes: Vec<&str> = get_or_error(&config, "nss.scopes", Response::Unavail)?;
 
     let client = BasicClient::new(client_id, client_secret, auth_url, token_url);
     let mut request = client.exchange_client_credentials();
diff --git a/src/pam.rs b/src/pam.rs
index b469af08f4de90955c12c009b231854eecb45291..339739e843e9266ecbfe06346583ca6c91c3aaa2 100644
--- a/src/pam.rs
+++ b/src/pam.rs
@@ -16,12 +16,11 @@
 use crate::config::{
     argv_to_config,
     get_config,
-    get_optional
+    get_optional,
+    get_or_error
 };
 use config::Config;
 
-use serde::de::Deserialize;
-
 use crate::logging::setup_log;
 
 use oauth2::{
@@ -43,26 +42,13 @@ use oauth2::reqwest::http_client;
 
 use pamsm::{PamServiceModule, Pam, PamFlag, PamError, PamLibExt};
 
-fn get_or_pam_error<'de, T: Deserialize<'de>>(config: &Config, key: &str) -> Result<T, PamError> {
-    match get_optional(config, key) {
-        Some(v) => {
-            debug!("Configuration key found: {}", key);
-            return Ok(v);
-        },
-        None => {
-            error!("Configuration key not found: {}", key);
-            return Err(PamError::SERVICE_ERR);
-        },
-    }
-}
-
 fn do_legacy_auth(username: String, password: String, config: Config) -> Result<BasicTokenResponse, PamError> {
-    let client_id = ClientId::new(get_or_pam_error(&config, "pam.client_id")?);
+    let client_id = ClientId::new(get_or_error(&config, "pam.client_id", PamError::SERVICE_ERR)?);
     let client_secret = match get_optional(&config, "pam.client_secret") {
         Some(v) => Some(ClientSecret::new(v)),
         None => None,
     };
-    let auth_url = match AuthUrl::new(get_or_pam_error(&config, "pam.auth_url")?) {
+    let auth_url = match AuthUrl::new(get_or_error(&config, "pam.auth_url", PamError::SERVICE_ERR)?) {
         Ok(u) => u,
         _ => {
             error!("Could not parse authorization URL");
@@ -79,7 +65,7 @@ fn do_legacy_auth(username: String, password: String, config: Config) -> Result<
         },
         None => None,
     };
-    let scopes: Vec<&str> = get_or_pam_error(&config, "pam.scopes")?;
+    let scopes: Vec<&str> = get_or_error(&config, "pam.scopes", PamError::SERVICE_ERR)?;
 
     let res_username = ResourceOwnerUsername::new(username);
     let res_password = ResourceOwnerPassword::new(password);