diff --git a/utils/http.go b/utils/http.go
index d9a1357972..95245d9fb2 100644
--- a/utils/http.go
+++ b/utils/http.go
@@ -64,8 +64,10 @@ func (root *rootHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		var authCtx context.Context
 		var err error
 		if authCtx, err = root.auth.Authorized(ctx, access...); err != nil {
-			if err, ok := err.(auth.Challenge); ok {
-				err.ServeHTTP(w, r)
+			if challenge, ok := err.(auth.Challenge); ok {
+				// Let the challenge write the response.
+				challenge.ServeHTTP(w, r)
+
 				w.WriteHeader(http.StatusUnauthorized)
 				return
 			}