diff --git a/.rubocop.yml b/.rubocop.yml
index 3a555f6..b560582 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -14,3 +14,5 @@ Metrics/ModuleLength:
 Metrics/BlockLength:
   Exclude:
     - "googleauth.gemspec"
+Style/SafeNavigation:
+  Enabled: false
diff --git a/lib/googleauth/web_user_authorizer.rb b/lib/googleauth/web_user_authorizer.rb
index 3c14ddd..545506a 100644
--- a/lib/googleauth/web_user_authorizer.rb
+++ b/lib/googleauth/web_user_authorizer.rb
@@ -176,12 +176,13 @@ module Google
         super options
       end
 
-      # Fetch stored credentials for the user.
+      # Fetch stored credentials for the user from the given request session.
       #
       # @param [String] user_id
       #  Unique ID of the user for loading/storing credentials.
       # @param [Rack::Request] request
-      #  Current request
+      #  Current request. Optional. If omitted, this will attempt to fall back
+      #  on the base class behavior of reading from the token store.
       # @param [Array<String>, String] scope
       #  If specified, only returns credentials that have all the \
       #  requested scopes
@@ -190,8 +191,8 @@ module Google
       # @raise [Signet::AuthorizationError]
       #  May raise an error if an authorization code is present in the session
       #  and exchange of the code fails
-      def get_credentials user_id, request, scope = nil
-        if request.session.key? CALLBACK_STATE_KEY
+      def get_credentials user_id, request = nil, scope = nil
+        if request && request.session.key?(CALLBACK_STATE_KEY)
           # Note - in theory, no need to check required scope as this is
           # expected to be called immediately after a return from authorization
           state_json = request.session.delete CALLBACK_STATE_KEY