diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index 614e19d50..c0fceaef7 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -589,6 +589,9 @@ func handleRegistrationFlow(
 
 	// TODO: email / msisdn auth types.
 	accessToken, accessTokenErr := auth.ExtractAccessToken(req)
+	if accessTokenErr != nil {
+		return util.MessageResponse(http.StatusForbidden, "Access token error: "+accessTokenErr.Error())
+	}
 
 	// Appservices are special and are not affected by disabled
 	// registration or user exclusivity.