diff --git a/internal/kubernetes/token/grpc.go b/internal/kubernetes/token/grpc.go
index fc3dc51fd..c22033e72 100644
--- a/internal/kubernetes/token/grpc.go
+++ b/internal/kubernetes/token/grpc.go
@@ -77,29 +77,26 @@ func authorizeConnection(ctx context.Context, kubeclient kubernetes.Clientset) e
 md, ok := metadata.FromIncomingContext(ctx)
 if !ok {
- return status.Errorf(codes.Unauthenticated, "missing metadata")
+ return status.Error(codes.Unauthenticated, "missing metadata")
 }
 authHeader, ok := md["authorization"]
 if !ok || len(authHeader) == 0 {
- return status.Errorf(codes.Unauthenticated, "missing authorization token")
+ return status.Error(codes.Unauthenticated, "missing authorization token")
 }
 token := authHeader[0]
 isValidated, err := validateBearerToken(ctx, token, kubeclient)
 if !isValidated || (err != nil) {
- return status.Errorf(codes.Unauthenticated, "invalid token")
+ return status.Error(codes.Unauthenticated, fmt.Sprint("invalid token: %w", err))
 }
 return nil
 }
 func parseToken(authHeader string) string {
- // Check if the Authorization header starts with "Bearer"
 if strings.HasPrefix(authHeader, bearerPrefix) {
- // Remove the "Bearer " part and return the token
 return strings.TrimPrefix(authHeader, bearerPrefix)
 }
- // If it doesn't start with "Bearer", return the original header
 return authHeader
 }
@@ -111,7 +108,7 @@ func validateBearerToken(ctx context.Context, token string, kubeclient kubernete
 }
 result, err := kubeclient.AuthenticationV1().TokenReviews().Create(ctx, tokenReview, metav1.CreateOptions{})
 if err != nil {
- return false, fmt.Errorf("failed to review token %v", err)
+ return false, fmt.Errorf("failed to review token %w", err)
 }
 if result.Status.Authenticated {
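Review bot: In the invalid-token branch of authorizeConnection, `fmt.Sprint("invalid token: %w", err)` formats nothing, because Sprint treats its first argument as a plain operand and `%w` is only understood by `fmt.Errorf`. The client therefore receives the literal text `invalid token: %w` followed by the error, or by `<nil>` when the token was simply not authenticated. It also places the TokenReview error text in a status returned to an unauthenticated caller, which can disclose API-server details. I would keep the response generic with `return status.Error(codes.Unauthenticated, "invalid token")` and record `err` in the server-side log instead. The function begins above this hunk.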
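Review bot: The wrapped message in validateBearerToken has no separator before the verb, so the chained error reads as `failed to review token <cause>`; `fmt.Errorf("reviewing token: %w", err)` reads cleanly once wrapped by callers. With the cause now wrapped, callers can inspect it with `errors.Is`/`errors.As`. That would presumably let authorizeConnection tell an API-server failure apart from a rejected token, though both currently map to Unauthenticated. The function body starts and ends outside this hunk.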