diff --git a/src/Authentication/Provider/SimpleOauthAuthenticationProvider.php b/src/Authentication/Provider/SimpleOauthAuthenticationProvider.php
index 99b34d4..b55b3ce 100644
--- a/src/Authentication/Provider/SimpleOauthAuthenticationProvider.php
+++ b/src/Authentication/Provider/SimpleOauthAuthenticationProvider.php
@@ -9,6 +9,7 @@ use Drupal\simple_oauth\PageCache\SimpleOauthRequestPolicyInterface;
 use Drupal\simple_oauth\Server\ResourceServerInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 
 /**
  * @internal
@@ -77,7 +78,11 @@ class SimpleOauthAuthenticationProvider implements AuthenticationProviderInterfa
       // Procedural code here is hard to avoid.
       watchdog_exception('simple_oauth', $exception);
 
-      return NULL;
+      throw new HttpException(
+        $exception->getHttpStatusCode(),
+        $exception->getHint(),
+        $exception
+      );
     }
 
     $tokens = $this->entityTypeManager->getStorage('oauth2_token')->loadByProperties([
@@ -91,12 +96,18 @@ class SimpleOauthAuthenticationProvider implements AuthenticationProviderInterfa
     if ($account->isBlocked() && $account->isAuthenticated()) {
       $token->revoke();
       $token->save();
-      throw OAuthServerException::accessDenied(
+      $exception = OAuthServerException::accessDenied(
         t(
           '%name is blocked or has not been activated yet.',
           ['%name' => $account->getAccountName()]
         )
       );
+      watchdog_exception('simple_oauth', $exception);
+      throw new HttpException(
+        $exception->getHttpStatusCode(),
+        $exception->getHint(),
+        $exception
+      );
     }
 
     // Inherit uploaded files for the current request.