diff --git a/internal/clientcache/cmd/daemon/command_wrapper.go b/internal/clientcache/cmd/daemon/command_wrapper.go
index 7b83c29f7b..cd7b76b9ad 100644
--- a/internal/clientcache/cmd/daemon/command_wrapper.go
+++ b/internal/clientcache/cmd/daemon/command_wrapper.go
@@ -102,7 +102,7 @@ func (w *CommandWrapper) addTokenToCache(ctx context.Context, token string) bool
 		return false
 	}
 	keyringType, tokName, err := w.BaseCommand().DiscoverKeyringTokenInfo()
-	if err != nil {
+	if err != nil && token == "" {
 		return false
 	}
 	if token != "" {
diff --git a/internal/cmd/commands/authenticate/funcs.go b/internal/cmd/commands/authenticate/funcs.go
index 6bfa7b58b2..3881e42b0a 100644
--- a/internal/cmd/commands/authenticate/funcs.go
+++ b/internal/cmd/commands/authenticate/funcs.go
@@ -98,6 +98,10 @@ func saveAndOrPrintToken(c *base.Command, result *authmethods.AuthenticateResult
 	switch {
 	case gotErr:
 		c.UI.Warn(fmt.Sprintf("The token was not successfully saved to a system keyring. The token is:\n\n%s\n\nIt must be manually passed in via the BOUNDARY_TOKEN env var or -token flag. Storing the token can also be disabled via -keyring-type=none.", token.Token))
+
+		if opts.WithInterceptedToken != nil {
+			*opts.WithInterceptedToken = token.Token
+		}
 	case c.FlagKeyringType == "none":
 		c.UI.Warn("\nStoring the token in a keyring was disabled. The token is:")
 		c.UI.Output(token.Token)