diff --git a/extensions/search/pkg/search/provider/events.go b/extensions/search/pkg/search/provider/events.go
index c5ba6722616..d243c523778 100644
--- a/extensions/search/pkg/search/provider/events.go
+++ b/extensions/search/pkg/search/provider/events.go
@@ -9,6 +9,7 @@ import (
 	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	ctxpkg "github.com/cs3org/reva/v2/pkg/ctx"
+	"github.com/cs3org/reva/v2/pkg/errtypes"
 	"github.com/cs3org/reva/v2/pkg/events"
 	"google.golang.org/grpc/metadata"
 )
@@ -120,35 +121,38 @@ func (p *Provider) handleEvent(ev interface{}) {
 }
 
 func (p *Provider) statResource(ref *provider.Reference, owner *user.User) (*provider.StatResponse, error) {
-	// Get auth
-	ownerCtx := ctxpkg.ContextSetUser(context.Background(), owner)
-	authRes, err := p.gwClient.Authenticate(ownerCtx, &gateway.AuthenticateRequest{
-		Type:         "machine",
-		ClientId:     "userid:" + owner.Id.OpaqueId,
-		ClientSecret: p.machineAuthAPIKey,
-	})
-	if err != nil || authRes.GetStatus().GetCode() != rpc.Code_CODE_OK {
-		p.logger.Error().Err(err).Interface("authRes", authRes).Msg("error using machine auth")
+	ownerCtx, err := p.getAuthContext(owner)
+	if err != nil {
+		return nil, err
 	}
-	ownerCtx = metadata.AppendToOutgoingContext(ownerCtx, ctxpkg.TokenHeader, authRes.Token)
 
 	// Stat changed resource resource
 	return p.gwClient.Stat(ownerCtx, &provider.StatRequest{Ref: ref})
 }
 
 func (p *Provider) getPath(id *provider.ResourceId, owner *user.User) (*provider.GetPathResponse, error) {
-	// Get auth
+	ownerCtx, err := p.getAuthContext(owner)
+	if err != nil {
+		return nil, err
+	}
+
+	// Stat changed resource resource
+	return p.gwClient.GetPath(ownerCtx, &provider.GetPathRequest{ResourceId: id})
+}
+
+func (p *Provider) getAuthContext(owner *user.User) (context.Context, error) {
 	ownerCtx := ctxpkg.ContextSetUser(context.Background(), owner)
 	authRes, err := p.gwClient.Authenticate(ownerCtx, &gateway.AuthenticateRequest{
 		Type:         "machine",
 		ClientId:     "userid:" + owner.Id.OpaqueId,
 		ClientSecret: p.machineAuthAPIKey,
 	})
-	if err != nil || authRes.GetStatus().GetCode() != rpc.Code_CODE_OK {
+	if err == nil && authRes.GetStatus().GetCode() != rpc.Code_CODE_OK {
+		err = errtypes.NewErrtypeFromStatus(authRes.Status)
+	}
+	if err != nil {
 		p.logger.Error().Err(err).Interface("authRes", authRes).Msg("error using machine auth")
+		return nil, err
 	}
-	ownerCtx = metadata.AppendToOutgoingContext(ownerCtx, ctxpkg.TokenHeader, authRes.Token)
-
-	// Stat changed resource resource
-	return p.gwClient.GetPath(ownerCtx, &provider.GetPathRequest{ResourceId: id})
+	return metadata.AppendToOutgoingContext(ownerCtx, ctxpkg.TokenHeader, authRes.Token), nil
 }