diff --git a/internal/services/gateway/action/user.go b/internal/services/gateway/action/user.go
index a585169..658ea86 100644
--- a/internal/services/gateway/action/user.go
+++ b/internal/services/gateway/action/user.go
@@ -566,6 +566,9 @@ func (h *ActionHandler) HandleRemoteSourceAuth(ctx context.Context, remoteSource
 		tokenName := "agola-" + h.agolaID
 		accessToken, err := passwordSource.LoginPassword(loginName, loginPassword, tokenName)
 		if err != nil {
+			if err == gitsource.ErrUnauthorized {
+				return nil, util.NewErrUnauthorized(errors.Wrapf(err, "failed to login to remotesource %q", remoteSourceName))
+			}
 			return nil, errors.Wrapf(err, "failed to login to remote source %q with login name %q", rs.Name, loginName)
 		}
 		h.log.Infof("access token: %s", accessToken)
diff --git a/internal/services/gateway/api/api.go b/internal/services/gateway/api/api.go
index 41e1018..0722944 100644
--- a/internal/services/gateway/api/api.go
+++ b/internal/services/gateway/api/api.go
@@ -36,6 +36,8 @@ func ErrorResponseFromError(err error) *ErrorResponse {
 	case util.IsErrNotFound(err):
 		fallthrough
 	case util.IsErrForbidden(err):
+		fallthrough
+	case util.IsErrUnauthorized(err):
 		return &ErrorResponse{Message: err.Error()}
 	}
 
@@ -64,6 +66,9 @@ func httpError(w http.ResponseWriter, err error) bool {
 	case util.IsErrForbidden(err):
 		w.WriteHeader(http.StatusForbidden)
 		w.Write(resj)
+	case util.IsErrUnauthorized(err):
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write(resj)
 	default:
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write(resj)