diff --git a/internal/api/oidc/client_integration_test.go b/internal/api/oidc/client_integration_test.go
index 21d54a59dc..65cc9309d5 100644
--- a/internal/api/oidc/client_integration_test.go
+++ b/internal/api/oidc/client_integration_test.go
@@ -140,6 +140,15 @@ func TestServer_Introspect(t *testing.T) {
 	}
 }
+func TestServer_Introspect_invalid_auth_invalid_token(t *testing.T) {
+	// ensure that when an invalid authentication and token is sent, the authentication error is returned
+	// https://github.com/zitadel/zitadel/pull/8133
+	resourceServer, err := Tester.CreateResourceServerClientCredentials(CTX, "xxxxx", "xxxxx")
+	require.NoError(t, err)
+	_, err = rs.Introspect[*oidc.IntrospectionResponse](context.Background(), resourceServer, "xxxxx")
+	require.Error(t, err)
+}
+
 func assertIntrospection(
 	t *testing.T,
 	introspection *oidc.IntrospectionResponse,
diff --git a/internal/api/oidc/introspect.go b/internal/api/oidc/introspect.go
index b0881b6d65..99602393c5 100644
--- a/internal/api/oidc/introspect.go
+++ b/internal/api/oidc/introspect.go
@@ -54,19 +54,20 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR
 		select {
 		case client = <-clientChan:
 			resErr = client.err
+			if resErr != nil {
+				// we prioritize the client error over the token error
+				err = resErr
+				cancel()
+			}
 		case token = <-tokenChan:
 			resErr = token.err
-		}
-
-		if resErr == nil {
-			continue
-		}
-		cancel()
-
-		// we only care for the first error that occurred,
-		// as the next error is most probably a context error.
-		if err == nil {
-			err = resErr
+			if resErr == nil {
+				continue
+			}
+			// we prioritize the client error over the token error
+			if err == nil {
+				err = resErr
+			}
 		}
 	}
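Review bot: The new test only checks `require.Error(t, err)` after the introspect call, so it passes whether the authentication error or the token error comes back, and therefore does not pin the ordering the comment above it says it ensures. Assert on the specific failure the client library reports for the rejected client credentials (by type or status, whichever `rs.Introspect` surfaces) so a regression that returns the token error first is caught; the exact assertion depends on the error type that call returns, which is not visible here. As a smaller point, the surrounding tests appear to use `CTX` while this one passes `context.Background()`, so `rs.Introspect[*oidc.IntrospectionResponse](CTX, resourceServer, "xxxxx")` would keep the file consistent.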
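Review bot: The comment `// we prioritize the client error over the token error` is repeated on both branches, but on the token branch it does not explain what the code there actually does: the `if err == nil` guard keeps an earlier client error from being overwritten, and the token branch deliberately no longer calls `cancel()`, so the client lookup is allowed to finish and its error can still win. I would replace the second copy with `// a token error must not cancel the client lookup: its result decides which error is returned, and err == nil keeps an earlier client error`, and keep the first copy on the client branch. Presumably the reason for the ordering is that an unauthenticated caller should not learn whether the token itself is valid, which is the security property the linked PR tests; stating that once at the top of the loop would make the intent clear to the next maintainer. The enclosing `for`/`select` and the use of `err` after the loop lie outside this hunk, so whether `cancel()` is still deferred for the token-error path cannot be confirmed from here; if it is not, the context is only released when the function returns.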