diff --git a/pkg/apiclient/auth.go b/pkg/apiclient/auth.go
index 87d725e80..6898ffe2a 100644
--- a/pkg/apiclient/auth.go
+++ b/pkg/apiclient/auth.go
@@ -194,7 +194,7 @@ func (t *JWTTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 		dump, _ := httputil.DumpResponse(resp, true)
 		log.Tracef("resp-jwt: %s (err:%v)", string(dump), err)
 	}
-	if err != nil || resp.StatusCode == 401 {
+	if err != nil || resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusUnauthorized {
 		/*we had an error (network error for example, or 401 because token is refused), reset the token ?*/
 		t.token = ""
 		return resp, errors.Wrapf(err, "performing jwt auth")