diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
index e025c7802..17f28c202 100644
--- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
+++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -30,8 +30,8 @@ def set_user_by_token(mapping=nil)
 
     # parse header for values necessary for authentication
     uid        = request.headers[uid_name] || params[uid_name]
-    @token     = request.headers[access_token_name] || params[access_token_name]
-    @client_id = request.headers[client_name] || params[client_name]
+    @token     ||= request.headers[access_token_name] || params[access_token_name]
+    @client_id ||= request.headers[client_name] || params[client_name]
 
     # client_id isn't required, set to 'default' if absent
     @client_id ||= 'default'