diff --git a/src/pkg/registry/auth/authorizer.go b/src/pkg/registry/auth/authorizer.go
index af61fea4a..66310343d 100644
--- a/src/pkg/registry/auth/authorizer.go
+++ b/src/pkg/registry/auth/authorizer.go
@@ -54,9 +54,9 @@ type authorizer struct {
 }
 
 func (a *authorizer) Modify(req *http.Request) error {
-	// Nil URL means this is the first time the authorizer is called
+	// Nil underlying authorizer means this is the first time the authorizer is called
 	// Try to connect to the registry and determine the auth scheme
-	if a.url == nil {
+	if a.authorizer == nil {
 		// to avoid concurrent issue
 		a.Lock()
 		defer a.Unlock()
@@ -74,7 +74,7 @@ func (a *authorizer) Modify(req *http.Request) error {
 }
 
 func (a *authorizer) initialize(u *url.URL) error {
-	if a.url != nil {
+	if a.authorizer != nil {
 		return nil
 	}
 	url, err := url.Parse(u.Scheme + "://" + u.Host + "/v2/")
diff --git a/src/pkg/registry/auth/bearer/authorizer.go b/src/pkg/registry/auth/bearer/authorizer.go
index c95ee1119..dd88f52e7 100644
--- a/src/pkg/registry/auth/bearer/authorizer.go
+++ b/src/pkg/registry/auth/bearer/authorizer.go
@@ -142,5 +142,8 @@ func (a *authorizer) fetchToken(scopes []*scope) (*token, error) {
 	if err = json.Unmarshal(body, token); err != nil {
 		return nil, err
 	}
+	if len(token.Token) == 0 && len(token.AccessToken) > 0 {
+		token.Token = token.AccessToken
+	}
 	return token, nil
 }