diff --git a/lib/extensions/index.js b/lib/extensions/index.js
index 6da487c..41a45dc 100644
--- a/lib/extensions/index.js
+++ b/lib/extensions/index.js
@@ -244,6 +244,11 @@ module.exports.authenticate = function (opts) {
         opts.auth = auth.authz;
         auth.resolve = null;
         auth.reject = null;
+        // NOTE XXX: This is premature in the sense that we can't be 100% sure
+        // that the client is still on the other end. We'll need to implement some
+        // sort of check that the client actually received the token
+        // (i.e. when the grant event gets an ack)
+        auth._claimed = true;
         return state.defaults.authenticate(opts.auth).then(resolve);
       };
       auth.reject = function (err) {