diff --git a/registry/tokentransport.go b/registry/tokentransport.go
index 4e858b04..b7a6ccf5 100644
--- a/registry/tokentransport.go
+++ b/registry/tokentransport.go
@@ -30,19 +30,19 @@ type authToken struct {
 }
 
 func (t *TokenTransport) authAndRetry(authService *authService, req *http.Request) (*http.Response, error) {
-	token, authResp, err := t.auth(authService)
+	token, err := t.auth(authService)
 	if err != nil {
-		return authResp, err
+		return nil, err
 	}
 
 	retryResp, err := t.retry(req, token)
 	return retryResp, err
 }
 
-func (t *TokenTransport) auth(authService *authService) (string, *http.Response, error) {
+func (t *TokenTransport) auth(authService *authService) (string, error) {
 	authReq, err := authService.Request(t.Username, t.Password)
 	if err != nil {
-		return "", nil, err
+		return "", err
 	}
 
 	client := http.Client{
@@ -51,22 +51,21 @@ func (t *TokenTransport) auth(authService *authService) (string, *http.Response,
 
 	response, err := client.Do(authReq)
 	if err != nil {
-		return "", nil, err
+		return "", err
 	}
-
+	defer response.Body.Close()
 	if response.StatusCode != http.StatusOK {
-		return "", response, err
+		return "", fmt.Errorf("could not authenticate (error %d)", response.StatusCode)
 	}
-	defer response.Body.Close()
 
 	var authToken authToken
 	decoder := json.NewDecoder(response.Body)
 	err = decoder.Decode(&authToken)
 	if err != nil {
-		return "", nil, err
+		return "", err
 	}
 
-	return authToken.Token, nil, nil
+	return authToken.Token, nil
 }
 
 func (t *TokenTransport) retry(req *http.Request, token string) (*http.Response, error) {