diff --git a/models/auth/access_token.go b/models/auth/access_token.go
index 8abcc622bc89c..574a6a6f28bfb 100644
--- a/models/auth/access_token.go
+++ b/models/auth/access_token.go
@@ -38,6 +38,23 @@ func (err ErrAccessTokenNotExist) Unwrap() error {
 	return util.ErrNotExist
 }
 
+// ErrBadAccessToken represents a "BadAccessToken" kind of error.
+type ErrBadAccessToken struct{}
+
+// IsErrBadAccessToken checks if an error is a ErrBadAccessToken.
+func IsErrBadAccessToken(err error) bool {
+	_, ok := err.(ErrBadAccessToken)
+	return ok
+}
+
+func (err ErrBadAccessToken) Error() string {
+	return "Bad credentials or token"
+}
+
+func (err ErrBadAccessToken) Unwrap() error {
+	return util.ErrInvalidArgument
+}
+
 // ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error.
 type ErrAccessTokenEmpty struct{}
 
diff --git a/routers/common/auth.go b/routers/common/auth.go
index 8904785d51f37..e32afb83c50d8 100644
--- a/routers/common/auth.go
+++ b/routers/common/auth.go
@@ -4,8 +4,10 @@
 package common
 
 import (
+	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/web/middleware"
 	auth_service "code.gitea.io/gitea/services/auth"
 )
@@ -18,7 +20,8 @@ type AuthResult struct {
 func AuthShared(ctx *context.Base, sessionStore auth_service.SessionStore, authMethod auth_service.Method) (ar AuthResult, err error) {
 	ar.Doer, err = authMethod.Verify(ctx.Req, ctx.Resp, ctx, sessionStore)
 	if err != nil {
-		return ar, err
+		log.Warn("authentication failed", err)
+		return ar, auth_model.ErrBadAccessToken{}
 	}
 	if ar.Doer != nil {
 		if ctx.Locale.Language() != ar.Doer.Language {