diff --git a/goblet-server/main.go b/goblet-server/main.go
index cad2a0a..cba15f3 100644
--- a/goblet-server/main.go
+++ b/goblet-server/main.go
@@ -35,6 +35,7 @@ import (
 	"github.com/google/uuid"
 	"go.opencensus.io/stats/view"
 	"go.opencensus.io/tag"
+	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 
 	logpb "google.golang.org/genproto/googleapis/logging/v2"
@@ -230,7 +231,9 @@ func main() {
 		LocalDiskCacheRoot:         *cacheRoot,
 		URLCanonializer:            googlehook.CanonicalizeURL,
 		RequestAuthorizer:          authorizer,
-		TokenSource:                ts,
+		TokenSource:                func(upstreamURL *url.URL) (*oauth2.Token, error) {
+			return ts.Token()
+		},
 		ErrorReporter:              er,
 		RequestLogger:              rl,
 		LongRunningOperationLogger: lrol,
diff --git a/goblet.go b/goblet.go
index b6641b2..179fe5a 100644
--- a/goblet.go
+++ b/goblet.go
@@ -64,7 +64,7 @@ type ServerConfig struct {
 
 	RequestAuthorizer func(*http.Request) error
 
-	TokenSource oauth2.TokenSource
+	TokenSource func(upstreamURL *url.URL) (*oauth2.Token, error)
 
 	ErrorReporter func(*http.Request, error)
 
diff --git a/managed_repository.go b/managed_repository.go
index 4ce3cae..e0025b7 100644
--- a/managed_repository.go
+++ b/managed_repository.go
@@ -132,7 +132,7 @@ func (r *managedRepository) lsRefsUpstream(command []*gitprotocolio.ProtocolV2Re
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "cannot construct a request object: %v", err)
 	}
-	t, err := r.config.TokenSource.Token()
+	t, err := r.config.TokenSource(r.upstreamURL)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "cannot obtain an OAuth2 access token for the server: %v", err)
 	}
@@ -195,7 +195,7 @@ func (r *managedRepository) fetchUpstream() (err error) {
 	defer r.mu.Unlock()
 	if splitGitFetch {
 		// Fetch heads and changes first.
-		t, err = r.config.TokenSource.Token()
+		t, err = r.config.TokenSource(r.upstreamURL)
 		if err != nil {
 			err = status.Errorf(codes.Internal, "cannot obtain an OAuth2 access token for the server: %v", err)
 			return err
@@ -203,7 +203,7 @@ func (r *managedRepository) fetchUpstream() (err error) {
 		err = runGit(op, r.localDiskPath, "-c", "http.extraHeader=Authorization: Bearer "+t.AccessToken, "fetch", "--progress", "-f", "-n", "origin", "refs/heads/*:refs/heads/*", "refs/changes/*:refs/changes/*")
 	}
 	if err == nil {
-		t, err = r.config.TokenSource.Token()
+		t, err = r.config.TokenSource(r.upstreamURL)
 		if err != nil {
 			err = status.Errorf(codes.Internal, "cannot obtain an OAuth2 access token for the server: %v", err)
 			return err