diff --git a/examples/get-manifest/main.rs b/examples/get-manifest/main.rs
index 5398f5cb..0fc2edd1 100644
--- a/examples/get-manifest/main.rs
+++ b/examples/get-manifest/main.rs
@@ -85,7 +85,7 @@ pub async fn main() {
     let auth = build_auth(&reference, &cli);
 
     let client_config = build_client_config(&cli);
-    let mut client = Client::new(client_config);
+    let client = Client::new(client_config);
 
     let (manifest, _) = client
         .pull_manifest(&reference, &auth)
diff --git a/src/client.rs b/src/client.rs
index 62de530d..1673baae 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -534,6 +534,8 @@ impl Client {
         authentication: &RegistryAuth,
         operation: RegistryOperation,
     ) -> Result<Option<String>> {
+        self.store_auth_if_needed(image.resolve_registry(), authentication)
+            .await;
         // preserve old caching behavior
         match self._auth(image, authentication, operation).await {
             Ok(Some(RegistryTokenType::Bearer(token))) => {
@@ -1802,6 +1804,14 @@ mod test {
             .as_str()
             .to_string();
 
+        // we have to have it in the stored auth so we'll get to the token cache check.
+        client
+            .store_auth(
+                &Reference::try_from(HELLO_IMAGE_TAG)?.resolve_registry(),
+                RegistryAuth::Anonymous,
+            )
+            .await;
+
         client
             .tokens
             .insert(