diff --git a/endpoints/v1/index.py b/endpoints/v1/index.py
index 07aa00e67..30aa72235 100644
--- a/endpoints/v1/index.py
+++ b/endpoints/v1/index.py
@@ -8,6 +8,7 @@ from flask import request, make_response, jsonify, session
 
 from app import authentication, userevents, metric_queue
 from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
+from auth.credentials import validate_credentials, CredentialKind
 from auth.decorators import process_auth
 from auth.permissions import (
 ModifyRepositoryPermission, UserAdminPermission, ReadRepositoryPermission,
@@ -84,34 +85,28 @@ def create_user():
 # UGH! we have to use this response when the login actually worked, in order
 # to get the CLI to try again with a get, and then tell us login succeeded.
 success = make_response('"Username or email already exists"', 400)
+ result, kind = validate_credentials(username, password)
+ if not result.auth_valid:
+ if kind == CredentialKind.token:
+ abort(400, 'Invalid access token.', issue='invalid-access-token')
 
- if username == '$token':
- if model.load_token(password):
- return success
- abort(400, 'Invalid access token.', issue='invalid-access-token')
+ if kind == CredentialKind.robot:
+ abort(400, 'Invalid robot account or password.', issue='robot-login-failure')
 
- elif username == '$oauthtoken':
- if model.validate_oauth_token(password):
- return success
- abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token')
+ if kind == CredentialKind.oauth_token:
+ abort(400, 'Invalid oauth access token.', issue='invalid-oauth-access-token')
 
- elif '+' in username:
- if model.verify_robot(username, password):
- return success
- abort(400, 'Invalid robot account or password.', issue='robot-login-failure')
-
- (verified, error_message) = authentication.verify_and_link_user(username, password,
- basic_auth=True)
- if verified:
- # Mark that the user was logged in.
- event = userevents.get_event(username)
- event.publish_event_data('docker-cli', {'action': 'login'})
- return success
- else:
 # Mark that the login failed.
 event = userevents.get_event(username)
 event.publish_event_data('docker-cli', {'action': 'loginfailure'})
- abort(400, error_message, issue='login-failure')
+ abort(400, result.error_message, issue='login-failure')
+
+ if result.has_user:
+ # Mark that the user was logged in.
+ event = userevents.get_event(username)
+ event.publish_event_data('docker-cli', {'action': 'login'})
+
+ return success
 
 
 @v1_bp.route('/users', methods=['GET'])
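Review bot: In the `if not result.auth_valid:` branch, failed token, robot and OAuth-token logins abort without leaving any record, while only the fall-through user case publishes `loginfailure`, so repeated guessing against robot accounts or tokens through this endpoint is not visible unless `validate_credentials` logs it itself (not shown here). Consider emitting one failure record before the three `abort` calls, for example `logger.warning('v1 login failed for credential kind %s', kind)` if the module has a logger, and never the password. The final branch is also the default for any `CredentialKind` not listed, so a kind added later would be reported as a user `login-failure` with `result.error_message`; an explicit check for the user kind would make that intentional. The old code passed `basic_auth=True` to `authentication.verify_and_link_user`, and it is worth confirming that `validate_credentials` keeps that behaviour, since the call is no longer visible in `create_user`. The body of `create_user` starts above this hunk.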