diff --git a/src/cache.rs b/src/cache.rs
index 018ae67ef9b372c1ffd9329c962239f9ee262537..2c4018e870a9805ff7a14112be02f508078183fd 100644
--- a/src/cache.rs
+++ b/src/cache.rs
@@ -293,7 +293,7 @@ impl UserInfo {
     ///
     /// This will use the in-memory token from the `access_token` slot if it is filled,
     /// or attempt to load a token from disk if not
-    pub fn get_access_token(&mut self) -> &Option<BasicTokenResponse> {
+    pub fn get_access_token(&mut self) -> Option<BasicTokenResponse> {
         // Try to load our acess token if none is known
         if self.access_token.is_none() {
             debug!("No token in memory, trying to load from file");
@@ -309,7 +309,10 @@ impl UserInfo {
             self.restore_privileges();
         }
 
-        return &self.access_token;
+        match &self.access_token {
+            Some(t) => Some(t.clone()),
+            None => None
+        }
     }
 
     /// Set the known access token for this user
diff --git a/src/nss.rs b/src/nss.rs
index 27f3523b8475ae25db3d67f2fb6583401a28fe8d..8bf7ba587f92b407628a72d81415745df90a56c2 100644
--- a/src/nss.rs
+++ b/src/nss.rs
@@ -67,11 +67,9 @@ impl PasswdHooks for OidcPasswd {
         let conf = nss_hook_prepare();
         info!("[NSS] passwd.get_all_entries called");
 
-        let mut context_user = get_context_user();
-        let user_token_res = context_user.get_access_token();
+        let user_token_res = get_context_user().get_access_token();
         // FIXME Implement caching of system token
         let system_token_res = get_access_token_client(&conf, "nss", "", "");
-        let system_token_res = system_token_res.as_ref();
         let token = match user_token_res {
             Some(t) => t,
             None => {
@@ -100,11 +98,9 @@ impl PasswdHooks for OidcPasswd {
         let conf = nss_hook_prepare();
         info!("[NSS] passwd.get_entry_by_uid called for {}", uid);
 
-        let mut context_user = get_context_user();
-        let user_token_res = context_user.get_access_token();
+        let user_token_res = get_context_user().get_access_token();
         // FIXME Implement caching of system token
         let system_token_res = get_access_token_client(&conf, "nss", "", "");
-        let system_token_res = system_token_res.as_ref();
         let token = match user_token_res {
             Some(t) => t,
             None => {
@@ -133,11 +129,9 @@ impl PasswdHooks for OidcPasswd {
         let conf = nss_hook_prepare();
         info!("[NSS] passwd.get_entry_by_name called for {}", name);
 
-        let mut context_user = get_context_user();
-        let user_token_res = context_user.get_access_token();
+        let user_token_res = get_context_user().get_access_token();
         // FIXME Implement caching of system token
         let system_token_res = get_access_token_client(&conf, "nss", "", "");
-        let system_token_res = system_token_res.as_ref();
         let token = match user_token_res {
             Some(t) => t,
             None => {