diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/builder/steps/AuthenticatePushStep.java b/jib-core/src/main/java/com/google/cloud/tools/jib/builder/steps/AuthenticatePushStep.java
index 5bbb78ce94..b7c041273f 100644
--- a/jib-core/src/main/java/com/google/cloud/tools/jib/builder/steps/AuthenticatePushStep.java
+++ b/jib-core/src/main/java/com/google/cloud/tools/jib/builder/steps/AuthenticatePushStep.java
@@ -33,6 +33,7 @@
 import java.util.concurrent.ExecutionException;
 import javax.annotation.Nullable;
 
+// TODO: This is probably not necessary anymore either.
 /**
  * Authenticates push to a target registry using Docker Token Authentication.
  *
diff --git a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java
index 4db096b66a..f64935de91 100644
--- a/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java
+++ b/jib-core/src/main/java/com/google/cloud/tools/jib/registry/RegistryAuthenticator.java
@@ -96,6 +96,23 @@ private static RegistryAuthenticationFailedException newRegistryAuthenticationFa
   private static class AuthenticationResponseTemplate implements JsonTemplate {
 
     @Nullable private String token;
+
+    /**
+     * {@code access_token} is accepted as an alias for {@code token}.
+     *
+     * @see <a
+     *     href="https://docs.docker.com/registry/spec/auth/token/#token-response-fields">https://docs.docker.com/registry/spec/auth/token/#token-response-fields</a>
+     */
+    @Nullable private String access_token;
+
+    /** @return {@link #token} if not null, or {@link #access_token} */
+    @Nullable
+    private String getToken() {
+      if (token != null) {
+        return token;
+      }
+      return access_token;
+    }
   }
 
   private final String authenticationUrlBase;
@@ -164,11 +181,11 @@ private Authorization authenticate(String scope) throws RegistryAuthenticationFa
 
         AuthenticationResponseTemplate responseJson =
             JsonTemplateMapper.readJson(responseString, AuthenticationResponseTemplate.class);
-        if (responseJson.token == null) {
+        if (responseJson.getToken() == null) {
           throw new RegistryAuthenticationFailedException(
               "Did not get token in authentication response from " + authenticationUrl);
         }
-        return Authorizations.withBearerToken(responseJson.token);
+        return Authorizations.withBearerToken(responseJson.getToken());
       }
 
     } catch (IOException ex) {
diff --git a/jib-maven-plugin/src/main/java/com/google/cloud/tools/jib/maven/MavenSettingsServerCredentials.java b/jib-maven-plugin/src/main/java/com/google/cloud/tools/jib/maven/MavenSettingsServerCredentials.java
index 1e2d4fd397..d50bc7af0b 100644
--- a/jib-maven-plugin/src/main/java/com/google/cloud/tools/jib/maven/MavenSettingsServerCredentials.java
+++ b/jib-maven-plugin/src/main/java/com/google/cloud/tools/jib/maven/MavenSettingsServerCredentials.java
@@ -54,6 +54,7 @@ RegistryCredentials retrieve(@Nullable String registry) {
       return null;
     }
 
+    // TODO: Add log message that says using credentials from Maven settings.
     return new RegistryCredentials(
         CREDENTIAL_SOURCE,
         Authorizations.withBasicCredentials(