diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index 17d882fa..91fb098a 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -25,7 +25,7 @@ todo: REMOVE TAGS
 	route: bulk-remove-all tag by type and all objects no id specified
 		parameters=Type, tag
 
-
+todo: auth controller authenticate wont allow if old jwt sent with request, should ignore on auth
 todo: API root controller
 	build mode and server info should be authorized shoudln't they?  Unauthorized people have no need to see that stuff
 todo: api / server landing page is shitty on a mobile
diff --git a/server/AyaNova/biz/TagUtil.cs b/server/AyaNova/biz/TagUtil.cs
index f5c1f97e..9cc6174c 100644
--- a/server/AyaNova/biz/TagUtil.cs
+++ b/server/AyaNova/biz/TagUtil.cs
@@ -27,6 +27,7 @@ namespace AyaNova.Biz
 
         public static string NormalizeTag(string inObj)
         {
+            if(string.IsNullOrWhiteSpace(inObj)) return null;
             //Must be lowercase per rules 
             //This may be naive when we get international cust omers but for now supporting utf-8 and it appears it's safe to do this with unicode
             inObj = inObj.ToLowerInvariant();