diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index cac5990..8d7da20 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -739,7 +739,9 @@ class AuthProtocol(BaseAuthProtocol):
                 self.log.info(_LI('Deferring reject downstream'))
             else:
                 self.log.info(_LI('Rejecting request'))
-                self._reject_request()
+                raise webob.exc.HTTPUnauthorized(
+                    body='Authentication required',
+                    headers=self._reject_auth_headers)
 
         if request.user_token_valid:
             user_auth_ref = request.token_auth._user_auth_ref
@@ -772,17 +774,6 @@ class AuthProtocol(BaseAuthProtocol):
         header_val = 'Keystone uri=\'%s\'' % self._auth_uri
         return [('WWW-Authenticate', header_val)]
 
-    def _reject_request(self):
-        """Redirect client to auth server.
-
-        :param env: wsgi request environment
-        :param start_response: wsgi response callback
-        :returns: HTTPUnauthorized http response
-
-        """
-        raise webob.exc.HTTPUnauthorized(body='Authentication required',
-                                         headers=self._reject_auth_headers)
-
     def _token_hashes(self, token):
         """Generate a list of hashes that the current token may be cached as.