Please see this answer for details OnAuthenticationRequired question
Only requests that authenticate will return the token.