diff --git a/modules/restful_token_auth/plugins/restful/restful_token_auth/token_auth/access_token/1.0/RestfulAccessTokenAuthentication.class.php b/modules/restful_token_auth/plugins/restful/restful_token_auth/token_auth/access_token/1.0/RestfulAccessTokenAuthentication.class.php
index cbe50119..bb3690a6 100644
--- a/modules/restful_token_auth/plugins/restful/restful_token_auth/token_auth/access_token/1.0/RestfulAccessTokenAuthentication.class.php
+++ b/modules/restful_token_auth/plugins/restful/restful_token_auth/token_auth/access_token/1.0/RestfulAccessTokenAuthentication.class.php
@@ -25,6 +25,13 @@ public static function controllersInfo() {
   public function getOrCreateToken() {
     $entity_type = $this->getEntityType();
     $account = $this->getAccount();
+
+    if (!$account->uid) {
+      // If this handler was called programmatically we want to make sure the
+      // account is of an authenticated user.
+      throw new RestfulBadRequestException('Only authenticated users can have an access token.');
+    }
+
     // Check if there is a token that did not expire yet.
     $query = new EntityFieldQuery();
     $result = $query
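Review bot: The new guard reports an anonymous or missing identity as `RestfulBadRequestException`, i.e. a 400 client-syntax error, while a caller that simply has not authenticated conventionally gets a 401 (or 403) so it knows to supply credentials rather than fix its request. If the restful module provides an unauthorized/forbidden exception class, throwing that with the same message would be the more accurate signal; if it does not, the `RestfulBadRequestException` choice deserves a one-line comment saying why, e.g. `// 400 rather than 401: this handler never challenges for credentials itself.` The check also presumes `getAccount()` always returns an object; if it can return NULL, `$account->uid` raises a notice before the throw, so an explicit `if (empty($account) || !$account->uid)` would be cleaner. The body of getOrCreateToken continues past the end of this hunk, so the token-lookup path that this guard protects is not visible here.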