diff --git a/auth.go b/auth.go
index 5ce6ce9..563d78e 100644
--- a/auth.go
+++ b/auth.go
@@ -111,8 +111,7 @@ func RefreshAuthToken(tok string) (TokenClaims, error) {
 token, err := jwt.ParseWithClaims(tok, &TokenClaims{}, secretFunc)
 if err != nil {
 if validation, ok := err.(*jwt.ValidationError); ok {
- // don't return error if token is expired
- // just extend it
+ // don't return error if token is expired, just extend it
 if !(validation.Errors&jwt.ValidationErrorExpired != 0) {
 return TokenClaims{}, err
 }
@@ -160,7 +159,7 @@ func AuthCheck(req *http.Request, roles string) (*TokenClaims, error) {
 }
 }
 
- return claims, nil
+ return claims, errors.New("unauthorized role access")
 }
 
 // GetTokenClaims extracts JWT claims from Authorization header of req.
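Review bot: The condition under the reworded comment in RefreshAuthToken is looser than the comment says: `validation.Errors&jwt.ValidationErrorExpired != 0` is true whenever the expired bit is set, even if other bits are set with it. Since Errors is tested as a bitmask, a token that is expired and also fails another check (signature, not-before, issuer) would presumably not be rejected here and would go on to be extended. Comparing the whole field, `if validation.Errors != jwt.ValidationErrorExpired {`, accepts only the expired-and-nothing-else case. The rest of the function is outside the hunk, so any later check, or a cap on how long after expiry a token may still be refreshed, is not visible; if there is none, it is worth adding.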
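Review bot: The new fall-through return in AuthCheck still hands back `claims` together with the error, so a caller that drops or mishandles the error keeps a populated claims pointer for a user whose role did not match. Return `nil, errors.New("unauthorized role access")` so the denied path carries no usable value. A package-level sentinel such as `var ErrUnauthorizedRole = errors.New("unauthorized role access")` would also let handlers tell a role denial from an invalid token with `errors.Is`. The role-matching code above this return lies outside the hunk, and no test for the denied path is visible in this commit.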