diff --git a/pkg/apiclient/auth.go b/pkg/apiclient/auth.go
index 1313e05cc..8c43ea39b 100644
--- a/pkg/apiclient/auth.go
+++ b/pkg/apiclient/auth.go
@@ -189,10 +189,10 @@ func (t *JWTTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	resp, err := t.transport().RoundTrip(req)
 	if log.GetLevel() >= log.TraceLevel {
 		dump, _ := httputil.DumpResponse(resp, true)
-		log.Tracef("resp-jwt: %s", string(dump))
+		log.Tracef("resp-jwt: %s (err:%s)", string(dump), err)
 	}
-	if err != nil {
-		/*we had an error, reset the token ?*/
+	if err != nil || resp.StatusCode == 401 {
+		/*we had an error (network error for example, or 401 because token is refused), reset the token ?*/
 		t.token = ""
 		return resp, errors.Wrapf(err, "performing jwt auth")
 	}