diff --git a/ocr/scripts/fetch-auth0-token.sh b/ocr/scripts/fetch-auth0-token.sh
index eb010fb..237d885 100755
--- a/ocr/scripts/fetch-auth0-token.sh
+++ b/ocr/scripts/fetch-auth0-token.sh
@@ -31,7 +31,10 @@ CLIENT_ID=$(cat "$CLIENT_ID_FILE" | tr -d '[:space:]')
 CLIENT_SECRET=$(cat "$CLIENT_SECRET_FILE" | tr -d '[:space:]')
 
 # Request M2M token from Auth0
-RESPONSE=$(curl -s --fail-with-body \
+# Write body to temp file, capture HTTP status code separately.
+# Avoids --fail-with-body + set -e which swallows errors inside $().
+BODY_FILE=$(mktemp)
+HTTP_CODE=$(curl -s -w '%{http_code}' -o "$BODY_FILE" \
   --request POST \
   --url "https://${AUTH0_DOMAIN}/oauth/token" \
   --header 'Content-Type: application/json' \
@@ -40,11 +43,13 @@ RESPONSE=$(curl -s --fail-with-body \
     \"client_secret\": \"${CLIENT_SECRET}\",
     \"audience\": \"${AUDIENCE}\",
     \"grant_type\": \"client_credentials\"
-  }")
+  }") || true
+RESPONSE=$(cat "$BODY_FILE")
+rm -f "$BODY_FILE"
 
-if [ $? -ne 0 ]; then
-  echo "Error: Auth0 token request failed" >&2
-  echo "$RESPONSE" >&2
+if [ "$HTTP_CODE" != "200" ]; then
+  echo "Error: Auth0 token request failed (HTTP $HTTP_CODE)" >&2
+  echo "Response: $RESPONSE" >&2
   exit 1
 fi