diff --git a/src/server/Worker.ts b/src/server/Worker.ts
index 1bbacc1e8..50ba20b90 100644
--- a/src/server/Worker.ts
+++ b/src/server/Worker.ts
@@ -341,7 +341,10 @@ export async function startWorker() {
 log.warn(`Invalid token: ${result.message}`, {
 clientID: clientMsg.clientID,
 });
- ws.close(1002, "Unauthorized");
+ ws.close(
+ 1002,
+ `Unauthorized: invalid token for client ${clientMsg.clientID}`,
+ );
 return;
 }
 const { persistentId, claims } = result;
@@ -376,13 +379,18 @@ export async function startWorker() {
 } else {
 // Verify token and get player permissions
 const result = await getUserMe(clientMsg.token, config);
- if (result === false) {
- log.warn("Unauthorized: Invalid session");
- ws.close(1002, "Unauthorized");
+ if (result.type === "error") {
+ log.warn(`Unauthorized: ${result.message}`, {
+ clientID: clientMsg.clientID,
+ });
+ ws.close(
+ 1002,
+ `Unauthorized: user me fetch failed for client ${clientMsg.clientID}`,
+ );
 return;
 }
- roles = result.player.roles;
- flares = result.player.flares;
+ roles = result.response.player.roles;
+ flares = result.response.player.flares;

 if (allowedFlares !== undefined) {
 const allowed =
@@ -424,7 +432,7 @@ export async function startWorker() {
 clientID: clientMsg.clientID,
 reason: turnstileResult.reason,
 });
- ws.close(1002, "Unauthorized");
+ ws.close(1002, "Unauthorized: Turnstile token rejected");
 return;
 case "error":
 // Fail open, allow the client to join.
diff --git a/src/server/jwt.ts b/src/server/jwt.ts
index 29453eb9a..11ab6a369 100644
--- a/src/server/jwt.ts
+++ b/src/server/jwt.ts
@@ -58,7 +58,10 @@ export async function verifyClientToken(
 export async function getUserMe(
 token: string,
 config: ServerConfig,
-): Promise {
+): Promise<
+ | { type: "success"; response: UserMeResponse }
+ | { type: "error"; message: string }
+> {
 try {
 // Get the user object
 const response = await fetch(config.jwtIssuer() + "/users/@me", { 
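Review bot: The new close reason interpolates the client-supplied `clientMsg.clientID` into a WebSocket close frame, whose reason field is capped at 123 UTF-8 bytes; with the `ws` package `ws.close()` throws a RangeError above that limit, so an oversized or multi-byte clientID from a hostile client would throw inside this handler instead of closing the socket, unless clientID is length-validated earlier, which is not visible here. The ID is already attached to the structured `log.warn` call on the line above, so it does not need to be echoed back to the client; `ws.close(1008, "Unauthorized: invalid token");` keeps the reason constant and uses the RFC 6455 policy-violation code rather than 1002, which means protocol error. The enclosing `startWorker` handler begins and ends outside this hunk.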
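Review bot: Same concern as the hunk at line 341: `ws.close(1002, \`Unauthorized: user me fetch failed for client ${clientMsg.clientID}\`)` puts an untrusted clientID into a close reason that must stay within 123 bytes, and the 46-byte fixed prefix leaves only 77 bytes before `ws.close` rejects the frame. The `log.warn` just above already records the clientID together with the internal `result.message`, so the client-visible reason can be a constant such as `ws.close(1008, "Unauthorized: session lookup failed");`. Keeping `result.message` out of the close reason is the right call, since it embeds upstream status text and caught exception text. The `else` branch continues past `const allowed =` outside the hunk.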
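Review bot: Close code 1002 on the new `ws.close(1002, "Unauthorized: Turnstile token rejected")` line means protocol error in RFC 6455 section 7.4.1; an anti-bot or authorization rejection is the policy-violation code, `ws.close(1008, "Unauthorized: Turnstile token rejected");`, which also lets clients tell it apart from a genuine framing fault. The constant reason string is fine with respect to the 123-byte close-reason limit. Separately, the `case "error":` branch that follows still fails open per its own comment; that is pre-existing rather than introduced here, but a Turnstile outage silently disabling bot protection is worth stating in the PR description.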
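Review bot: The exported `getUserMe` gains an inline discriminated-union return type but no TSDoc describing the contract, and the error variant's `message` carries upstream HTTP status text and caught exception text (visible in the next hunk), so callers need to know it is meant for server logs rather than for clients. Add a docstring above the signature along the lines of: "Fetch `/users/@me` from the configured JWT issuer using `token`. Never throws: any HTTP, network or schema failure is returned as `{ type: "error", message }`, where `message` is diagnostic text for logs only and must not be relayed to clients." Extracting the union into `export type UserMeResult = ...` would also let `Worker.ts` name the result instead of relying on structural inference. The function body continues in the following hunk.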
@@ -66,19 +69,25 @@ export async function getUserMe(
 authorization: `Bearer ${token}`,
 },
 });
- if (response.status !== 200) return false;
+ if (response.status !== 200) {
+ return {
+ type: "error",
+ message: `Failed to fetch user me: ${response.statusText}`,
+ };
+ }
 const body = await response.json();
 const result = UserMeResponseSchema.safeParse(body);
 if (!result.success) {
- console.error(
- "Invalid response",
- JSON.stringify(body),
- JSON.stringify(result.error),
- );
- return false;
+ return {
+ type: "error",
+ message: `Invalid response: ${z.prettifyError(result.error)}`,
+ };
 }
- return result.data;
+ return { type: "success", response: result.data };
 } catch (e) {
- return false;
+ return {
+ type: "error",
+ message: `Failed to fetch user me: ${e}`,
+ };
 }
 }
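Review bot: In the `catch (e)` branch, `\`Failed to fetch user me: ${e}\`` stringifies an `unknown` throwable, which yields `[object Object]` for non-Error values and drops `cause` for an `Error` (the usual case for `fetch failed`); `message: \`Failed to fetch user me: ${e instanceof Error ? e.message : String(e)}\`,` gives a stable, readable message. Note that `z.prettifyError` exists only in zod 4, so this hunk presumes the project is on that major and that `z` is imported in jwt.ts, neither of which is visible here. The `fetch` call also has no timeout (an `AbortSignal.timeout(...)` signal in the options), so a slow issuer stalls each client handshake; that is pre-existing rather than introduced by this change.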