diff --git a/lib/cli-common.js b/lib/cli-common.js
index 1c20d56..a299da5 100644
--- a/lib/cli-common.js
+++ b/lib/cli-common.js
@@ -102,7 +102,7 @@ common.api.token = function (state, handlers) {
           handlers.error(new Error("No token found or generated, and no pair_request api found."));
           return;
         }
-        
+
         // TODO sign token with own private key, including public key and thumbprint
         //      (much like ACME JOSE account)
         var otp = state.otp || state._otp || common.otp();
@@ -182,6 +182,13 @@ common.api.token = function (state, handlers) {
               //console.log('[debug] first req');
               handlers.requested(authReq, function () {
                 handlers.connect(body.access_token || body.jwt, function () {
+                  var err;
+                  if (!resp.headers.location) {
+                    err = new Error("bad authentication request response");
+                    err._resp = resp.toJSON();
+                    handlers.error(err, function () {});
+                    return;
+                  }
                   setTimeout(gotoNext, 2 * 1000, { url: resp.headers.location, json: true });
                 });
               });