diff --git a/Sources/OAuth2Client/NXOAuth2AccessToken.m b/Sources/OAuth2Client/NXOAuth2AccessToken.m
index bedef7b8..28549d23 100644
--- a/Sources/OAuth2Client/NXOAuth2AccessToken.m
+++ b/Sources/OAuth2Client/NXOAuth2AccessToken.m
@@ -112,8 +112,7 @@ - (id)initWithAccessToken:(NSString *)anAccessToken refreshToken:(NSString *)aRe
 
 - (id)initWithAccessToken:(NSString *)anAccessToken refreshToken:(NSString *)aRefreshToken expiresAt:(NSDate *)anExpiryDate scope:(NSSet *)aScope responseBody:(NSString *)aResponseBody tokenType:(NSString *)aTokenType
 {
-    // a token object without an actual token is not what we want!
-    NSAssert1(anAccessToken, @"No token from token response: %@", aResponseBody);
+    // a token object without an actual token is not what we want! >> But we must process response!
     if (anAccessToken == nil) {
         return nil;
     }
@@ -238,7 +237,7 @@ + (id)tokenFromDefaultKeychainWithServiceProviderName:(NSString *)provider;
     result = (__bridge_transfer NSDictionary *)cfResult;
     
     if (status != noErr) {
-        NSAssert1(status == errSecItemNotFound, @"unexpected error while fetching token from keychain: %d", (int)status);
+        NSAssert1(status == errSecItemNotFound, @"unexpected error while fetching token from keychain: %ld", status);
         return nil;
     }
     
@@ -257,7 +256,7 @@ - (void)storeInDefaultKeychainWithServiceProviderName:(NSString *)provider;
                            nil];
     [self removeFromDefaultKeychainWithServiceProviderName:provider];
     OSStatus __attribute__((unused)) err = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
-    NSAssert1(err == noErr, @"error while adding token to keychain: %d", (int)err);
+    NSAssert1(err == noErr, @"error while adding token to keychain: %ld", err);
 }
 
 - (void)removeFromDefaultKeychainWithServiceProviderName:(NSString *)provider;
@@ -268,7 +267,7 @@ - (void)removeFromDefaultKeychainWithServiceProviderName:(NSString *)provider;
                            serviceName, kSecAttrService,
                            nil];
     OSStatus __attribute__((unused)) err = SecItemDelete((__bridge CFDictionaryRef)query);
-    NSAssert1((err == noErr || err == errSecItemNotFound), @"error while deleting token from keychain: %d", (int)err);
+    NSAssert1((err == noErr || err == errSecItemNotFound), @"error while deleting token from keychain: %ld", err);
 }
 
 #else
diff --git a/Sources/OAuth2Client/NXOAuth2Client.m b/Sources/OAuth2Client/NXOAuth2Client.m
index 2dfa0f6e..3409438f 100644
--- a/Sources/OAuth2Client/NXOAuth2Client.m
+++ b/Sources/OAuth2Client/NXOAuth2Client.m
@@ -161,7 +161,7 @@ - (void)setPersistent:(BOOL)shouldPersist;
 - (NXOAuth2AccessToken *)accessToken;
 {
     if (accessToken) return accessToken;
-    
+  
     if (persistent) {
         accessToken = [NXOAuth2AccessToken tokenFromDefaultKeychainWithServiceProviderName:keyChainGroup ? keyChainGroup : [tokenURL host]];
         if (accessToken) {
@@ -177,10 +177,10 @@ - (NXOAuth2AccessToken *)accessToken;
 
 - (void)setAccessToken:(NXOAuth2AccessToken *)value;
 {
-    if (self.accessToken == value) return;
+    if (self.accessToken == value && nil != value) return;
     BOOL authorisationStatusChanged = ((accessToken == nil)    || (value == nil)); //They can't both be nil, see one line above. So they have to have changed from or to nil.
     
-    if (!value) {
+    if (!value && nil != self.accessToken) {
         [self.accessToken removeFromDefaultKeychainWithServiceProviderName:keyChainGroup ? keyChainGroup : [tokenURL host]];
     }
     
@@ -329,13 +329,13 @@ - (void)requestTokenWithAuthGrant:(NSString *)authGrant redirectURL:(NSURL *)red
     if (self.desiredScope) {
         [parameters setObject:[[self.desiredScope allObjects] componentsJoinedByString:@" "] forKey:@"scope"];
     }
-    
+  
     if (self.customHeaderFields) {
         [self.customHeaderFields enumerateKeysAndObjectsUsingBlock:^(NSString *key, NSString *obj, BOOL *stop) {
             [tokenRequest addValue:obj forHTTPHeaderField:key];
         }];
     }
-    
+  
     if (self.additionalAuthenticationParameters) {
         [parameters addEntriesFromDictionary:self.additionalAuthenticationParameters];
     }
@@ -366,13 +366,13 @@ - (void)authenticateWithClientCredentials;
     if (self.desiredScope) {
         [parameters setObject:[[self.desiredScope allObjects] componentsJoinedByString:@" "] forKey:@"scope"];
     }
-    
+  
     if (self.customHeaderFields) {
         [self.customHeaderFields enumerateKeysAndObjectsUsingBlock:^(NSString *key, NSString *obj, BOOL *stop) {
             [tokenRequest addValue:obj forHTTPHeaderField:key];
         }];
     }
-    
+
     authConnection = [[NXOAuth2Connection alloc] initWithRequest:tokenRequest
                                                requestParameters:parameters
                                                      oauthClient:self
@@ -405,13 +405,13 @@ - (void)authenticateWithUsername:(NSString *)username password:(NSString *)passw
     if (self.additionalAuthenticationParameters) {
         [parameters addEntriesFromDictionary:self.additionalAuthenticationParameters];
     }
-    
+  
     if (self.customHeaderFields) {
         [self.customHeaderFields enumerateKeysAndObjectsUsingBlock:^(NSString *key, NSString *obj, BOOL *stop) {
             [tokenRequest addValue:obj forHTTPHeaderField:key];
         }];
     }
-    
+  
     authConnection = [[NXOAuth2Connection alloc] initWithRequest:tokenRequest
                                                requestParameters:parameters
                                                      oauthClient:self
@@ -442,6 +442,13 @@ - (void)authenticateWithAssertionType:(NSURL *)anAssertionType assertion:(NSStri
     if (self.desiredScope) {
         [parameters setObject:[[self.desiredScope allObjects] componentsJoinedByString:@" "] forKey:@"scope"];
     }
+
+    if (self.customHeaderFields) {
+        [self.customHeaderFields enumerateKeysAndObjectsUsingBlock:^(NSString *key, NSString *obj, BOOL *stop) {
+            [tokenRequest addValue:obj forHTTPHeaderField:key];
+        }];
+    }
+  
     authConnection = [[NXOAuth2Connection alloc] initWithRequest:tokenRequest
                                                requestParameters:parameters
                                                      oauthClient:self
@@ -500,14 +507,15 @@ - (void)oauthConnection:(NXOAuth2Connection *)connection didFinishWithData:(NSDa
         self.authenticating = NO;
 
         NSString *result = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
-        NXOAuth2AccessToken *newToken = [NXOAuth2AccessToken tokenWithResponseBody:result tokenType:self.tokenType
-                                         ];
-        NSAssert(newToken != nil, @"invalid response?");
-        
-        [newToken restoreWithOldToken:self.accessToken];
-        
-        self.accessToken = newToken;
-        
+        NXOAuth2AccessToken *newToken = [NXOAuth2AccessToken tokenWithResponseBody:result tokenType:self.tokenType];
+      
+        if (nil != newToken) {
+            [newToken restoreWithOldToken:self.accessToken];
+            self.accessToken = newToken;
+        } else {
+            self.accessToken = nil;
+        }
+      
         for (NXOAuth2Connection *retryConnection in waitingConnections) {
             [retryConnection retry];
         }