diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index 4e48b4416..4dec3f342 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -9,7 +9,7 @@ from cachetools import lru_cache
 from app import app
 from data import model
 from auth.auth import process_auth
-from auth.auth_context import get_authenticated_user
+from auth.auth_context import get_authenticated_user, get_validated_token
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
                               CreateRepositoryPermission)
 from endpoints.v2 import v2_bp
@@ -54,6 +54,10 @@ def generate_registry_jwt():
   logger.debug('Scope request: %s', scope_param)
   user = get_authenticated_user()
+  logger.debug('Authenticated user: %s', user)
+
+  token = get_validated_token()
+  logger.debug('Authenticated token: %s', token)
   access = []
   if scope_param is not None:
     match = SCOPE_REGEX.match(scope_param)
@@ -74,17 +78,19 @@ def generate_registry_jwt():
     if not REPOSITORY_NAME_REGEX.match(reponame):
       abort(400)
-    if 'pull' in actions and 'push' in actions:
-      if user is None:
-        abort(401)
+    if ('pull' in actions or 'push' in actions) and user is None and token is None:
+      # We are trying to perform a registry action without auth
+      abort(401)
+    if 'pull' in actions and 'push' in actions:
       repo = model.repository.get_repository(namespace, reponame)
       if repo:
         if not ModifyRepositoryPermission(namespace, reponame).can():
           abort(403)
       else:
-        if not CreateRepositoryPermission(namespace).can():
+        if not CreateRepositoryPermission(namespace).can() or user is None:
           abort(403)
+        logger.debug('Creating repository: %s/%s', namespace, reponame)
         model.repository.create_repository(namespace, reponame, user)
     elif 'pull' in actions:
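Review bot: The new `logger.debug('Authenticated token: %s', token)` line writes whatever `get_validated_token()` returns straight into the log, and the hunk does not show that object's type or repr; if the repr carries the token's secret value, this copies a reusable credential into log storage. Log only presence or a non-secret identifier instead, e.g. `logger.debug('Authenticated token present: %s', token is not None)`, and give the neighbouring user line the same treatment if the user repr exposes anything beyond a username. The body of generate_registry_jwt continues outside this hunk.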