diff --git a/kong-oidc-1.4.0-7.rockspec b/kong-oidc-1.4.0-8.rockspec
similarity index 97%
rename from kong-oidc-1.4.0-7.rockspec
rename to kong-oidc-1.4.0-8.rockspec
index 91f825e4..d728ca01 100644
--- a/kong-oidc-1.4.0-7.rockspec
+++ b/kong-oidc-1.4.0-8.rockspec
@@ -1,8 +1,8 @@
 package = "kong-oidc"
-version = "1.4.0-7"
+version = "1.4.0-8"
 source = {
 url = "git://github.com/cloudbeds/kong-oidc",
- tag = "1.4.0-7",
+ tag = "1.4.0-8",
 dir = "kong-oidc"
 }
 description = {
diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua
index 5fd41350..bec32aa9 100644
--- a/kong/plugins/oidc/handler.lua
+++ b/kong/plugins/oidc/handler.lua
@@ -1,5 +1,5 @@
 local OidcHandler = {
-  VERSION = "1.3.0",
+  VERSION = "1.4.0",
 PRIORITY = 1000,
 }
 local utils = require("kong.plugins.oidc.utils")
@@ -42,6 +42,9 @@ function handle(oidcConfig)
 utils.injectUser(response, oidcConfig.userinfo_header_name)
 end
 return
+ elseif utils.has_bearer_access_token() then
+ ngx.log(ngx.ERR, "OidcHandler bearer JWT verification failed, returning 401")
+ return kong.response.error(ngx.HTTP_UNAUTHORIZED, "Invalid bearer token")
 end
 end
@@ -54,6 +57,9 @@ function handle(oidcConfig)
 if not oidcConfig.disable_userinfo_header then
 utils.injectUser(response, oidcConfig.userinfo_header_name)
 end
+ elseif utils.has_bearer_access_token() then
+ ngx.log(ngx.ERR, "OidcHandler introspection failed for bearer token, returning 401")
+ return kong.response.error(ngx.HTTP_UNAUTHORIZED, "Invalid bearer token")
 end
 end
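Review bot: The new 401 in the `elseif` branch after the bearer JWT verification is sent without a `WWW-Authenticate` challenge, which RFC 6750 requires on a 401 from a bearer-protected resource; `kong.response.error` accepts a headers table as its third argument, so `return kong.response.error(ngx.HTTP_UNAUTHORIZED, "Invalid bearer token", { ["WWW-Authenticate"] = 'Bearer realm="kong", error="invalid_token"' })` covers it, and the identical branch in the introspection hunk below needs the same. This branch also changes the fall-through behaviour: a request whose bearer token fails JWT verification previously continued to introspection and then session handling, and now it is rejected here, so a deployment with both bearer JWT auth and introspection enabled that receives opaque access tokens would presumably get 401 before introspection ever runs — worth confirming and noting in the release notes. A client-supplied bad token is not a server fault, so logging it at `ngx.ERR` makes genuine failures harder to spot; `ngx.WARN` with the same message keeps the signal. The enclosing `handle` function starts and ends outside this hunk.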
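Review bot: The introspection `elseif` reports every failure of the preceding `introspect` call as `"Invalid bearer token"` with 401, but introspection can fail because the introspection endpoint is unreachable or answers with a non-2xx status, not only because the token is inactive; unless `introspect` (defined outside this hunk) already distinguishes those cases, a transient endpoint outage is reported to clients as an invalid credential and logged the same way as a rejected token. Consider having `introspect` return a second value describing the failure and mapping endpoint errors to a 502/503 while keeping 401 for a token the endpoint actually rejected. The enclosing `handle` function starts and ends outside this hunk.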