diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index 913835de0..655217d46 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -80,6 +80,7 @@ def generate_registry_jwt():
 # Ensure that we are never creating an invalid repository.
 if not REPOSITORY_NAME_REGEX.match(reponame):
+ logger.debug('Found invalid repository name in auth flow: %v', reponame)
 abort(400)
 final_actions = []
@@ -88,6 +89,7 @@ def generate_registry_jwt():
 # If there is no valid user or token, then the repository cannot be
 # accessed.
 if user is None and token is None:
+ logger.debug('No user and no token for requested "push" scope')
 abort(401)
 # Lookup the repository. If it exists, make sure the entity has modify
@@ -95,9 +97,11 @@ def generate_registry_jwt():
 repo = model.repository.get_repository(namespace, reponame)
 if repo:
 if not ModifyRepositoryPermission(namespace, reponame).can():
+ logger.debug('No permission to modify repository %v/%v', namespace, reponame)
 abort(403)
 else:
 if not CreateRepositoryPermission(namespace).can() or user is None:
+ logger.debug('No permission to create repository %v/%v', namespace, reponame)
 abort(403)
 logger.debug('Creating repository: %s/%s', namespace, reponame)
@@ -114,6 +118,7 @@ def generate_registry_jwt():
 'push' in final_actions):
 final_actions.append('pull')
 else:
+ logger.debug('No permission to pull repository %v/%v', namespace, reponame)
 abort(403)
@@ -125,7 +130,8 @@ def generate_registry_jwt():
 elif user is None and token is None:
 # In this case, we are doing an auth flow, and it's not an anonymous pull
- return abort(401)
+ logger.debug('No user and no token sent for empty scope list')
+ abort(401)
 context, subject = build_context_and_subject(user, token, oauthtoken)
 token_data = {
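Review bot: `%v` is a Go format verb that Python's %-style logging does not accept, so the `logger.debug` call added in the hunk at old line 80 fails to format once debug output is enabled and the message is never written. The same applies to the three added calls in the hunks at old lines 95 and 114. Use `%s`, as the existing `logger.debug('Creating repository: %s/%s', namespace, reponame)` already does. In this first hunk `reponame` has just failed `REPOSITORY_NAME_REGEX` and is presumably taken from the requested scope, so `%r` is the safer choice there: `logger.debug('Found invalid repository name in auth flow: %r', reponame)` stops embedded newlines or control characters from forging log lines. generate_registry_jwt starts and ends outside the hunk.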
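Review bot: The two denial messages added before `abort(403)` in the hunk at old line 95 name the repository but not the user or token that was refused, and they are emitted at debug level only. A deployment running with debug logging off would therefore keep no record from this function of rejected push attempts. If denied requests are not recorded elsewhere (nothing in this hunk shows that), consider raising the level, e.g. `logger.info('No permission to modify repository %s/%s', namespace, reponame)`, and adding the requesting entity to the message. The enclosing function continues outside the hunk.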