diff --git a/novaclient/client.py b/novaclient/client.py
index 75ecf3805..9ca9658c7 100644
--- a/novaclient/client.py
+++ b/novaclient/client.py
@@ -135,7 +135,11 @@ def _construct_http_client(api_version=None,
     if not session:
         if not auth and auth_token:
             auth = identity.Token(auth_url=auth_url,
-                                  token=auth_token)
+                                  token=auth_token,
+                                  project_id=project_id,
+                                  project_name=project_name,
+                                  project_domain_id=project_domain_id,
+                                  project_domain_name=project_domain_name)
         elif not auth:
             auth = identity.Password(username=username,
                                      user_id=user_id,
diff --git a/novaclient/tests/functional/base.py b/novaclient/tests/functional/base.py
index b1b2bf9ff..acc110132 100644
--- a/novaclient/tests/functional/base.py
+++ b/novaclient/tests/functional/base.py
@@ -193,7 +193,7 @@ class ClientTestBase(testtools.TestCase):
 
         user = auth_info['username']
         passwd = auth_info['password']
-        tenant = auth_info['project_name']
+        self.project_name = auth_info['project_name']
         auth_url = auth_info['auth_url']
         user_domain_id = auth_info['user_domain_id']
         self.project_domain_id = auth_info['project_domain_id']
@@ -205,7 +205,7 @@ class ClientTestBase(testtools.TestCase):
 
         auth = identity.Password(username=user,
                                  password=passwd,
-                                 project_name=tenant,
+                                 project_name=self.project_name,
                                  auth_url=auth_url,
                                  project_domain_id=self.project_domain_id,
                                  user_domain_id=user_domain_id)
@@ -247,7 +247,7 @@ class ClientTestBase(testtools.TestCase):
         self.cli_clients = tempest.lib.cli.base.CLIClient(
             username=user,
             password=passwd,
-            tenant_name=tenant,
+            tenant_name=self.project_name,
             uri=auth_url,
             cli_dir=cli_dir,
             insecure=self.insecure)
diff --git a/novaclient/tests/functional/test_auth.py b/novaclient/tests/functional/test_auth.py
index 760e62e92..9f645c334 100644
--- a/novaclient/tests/functional/test_auth.py
+++ b/novaclient/tests/functional/test_auth.py
@@ -13,40 +13,70 @@
 from six.moves.urllib import parse
 import tempest.lib.cli.base
 
+from novaclient import client
 from novaclient.tests.functional import base
 
 
 class TestAuthentication(base.ClientTestBase):
-    def nova(self, action, identity_api_version):
+
+    def _get_url(self, identity_api_version):
         url = parse.urlparse(self.cli_clients.uri)
-        url = parse.urlunparse((url.scheme, url.netloc,
-                                '/identity/v%s' % identity_api_version,
-                                url.params, url.query,
-                                url.fragment))
+        return parse.urlunparse((url.scheme, url.netloc,
+                                 '/identity/v%s' % identity_api_version,
+                                 url.params, url.query,
+                                 url.fragment))
+
+    def nova_auth_with_password(self, action, identity_api_version):
         flags = ('--os-username %s --os-tenant-name %s --os-password %s '
                  '--os-auth-url %s --os-endpoint-type publicURL' % (
                      self.cli_clients.username,
                      self.cli_clients.tenant_name,
                      self.cli_clients.password,
-                     url))
+                     self._get_url(identity_api_version)))
         if self.cli_clients.insecure:
             flags += ' --insecure '
 
         return tempest.lib.cli.base.execute(
             "nova", action, flags, cli_dir=self.cli_clients.cli_dir)
 
+    def nova_auth_with_token(self, identity_api_version):
+        auth_ref = self.client.client.session.auth.get_access(
+            self.client.client.session)
+        token = auth_ref.auth_token
+        auth_url = self._get_url(identity_api_version)
+        kw = {}
+        if identity_api_version == "3":
+            kw["project_domain_id"] = self.project_domain_id
+        nova = client.Client("2", auth_token=token, auth_url=auth_url,
+                             project_name=self.project_name, **kw)
+        nova.servers.list()
+
+        # NOTE(andreykurilin): token auth is completely broken in CLI
+        # flags = ('--os-username %s --os-tenant-name %s --os-auth-token %s '
+        #         '--os-auth-url %s --os-endpoint-type publicURL' % (
+        #             self.cli_clients.username,
+        #             self.cli_clients.tenant_name,
+        #             token, auth_url))
+        # if self.cli_clients.insecure:
+        #    flags += ' --insecure '
+        #
+        # return tempest.lib.cli.base.execute(
+        #    "nova", action, flags, cli_dir=self.cli_clients.cli_dir)
+
     def test_auth_via_keystone_v2(self):
         session = self.keystone.session
         version = (2, 0)
         if not base.is_keystone_version_available(session, version):
-            self.skip("Identity API version 2.0 is not available.")
+            self.skipTest("Identity API version 2.0 is not available.")
 
-        self.nova("list", identity_api_version="2.0")
+        self.nova_auth_with_password("list", identity_api_version="2.0")
+        self.nova_auth_with_token(identity_api_version="2.0")
 
     def test_auth_via_keystone_v3(self):
         session = self.keystone.session
         version = (3, 0)
         if not base.is_keystone_version_available(session, version):
-            self.skip("Identity API version 3.0 is not available.")
+            self.skipTest("Identity API version 3.0 is not available.")
 
-        self.nova("list", identity_api_version="3")
+        self.nova_auth_with_password("list", identity_api_version="3")
+        self.nova_auth_with_token(identity_api_version="3")