diff --git a/changelog.d/20241018_082221_kurtmckee_eliminate_none_return_values.rst b/changelog.d/20241018_082221_kurtmckee_eliminate_none_return_values.rst
index f77b231..e8ac24d 100644
--- a/changelog.d/20241018_082221_kurtmckee_eliminate_none_return_values.rst
+++ b/changelog.d/20241018_082221_kurtmckee_eliminate_none_return_values.rst
@@ -7,8 +7,7 @@ Changes
     ``InactiveTokenError`` is a subclass of ``ValueError``.
 
     Existing code that calls ``AuthState.introspect_token()`` no longer returns ``None``, either,
-    but will instead raise ``ValueError``, a subclass of ``ValueError``,
-    or a ``globus_sdk.GlobusAPIError``:
+    but will instead raise ``ValueError`` (or a subclass) or a ``globus_sdk.GlobusAPIError``:
 
     *   ``AuthState.get_authorizer_for_scope``
     *   ``AuthState.effective_identity``
diff --git a/src/globus_action_provider_tools/authentication.py b/src/globus_action_provider_tools/authentication.py
index 7d858a6..2ed6e28 100644
--- a/src/globus_action_provider_tools/authentication.py
+++ b/src/globus_action_provider_tools/authentication.py
@@ -122,7 +122,7 @@ def _verify_introspect_result(self, introspect_result: GlobusHTTPResponse) -> No
         """
 
         if not introspect_result["active"]:
-            raise InactiveTokenError("The token is invalid or has been revoked")
+            raise InactiveTokenError("The token is invalid.")
 
         # validate scopes, ensuring that the token provided accords with the service's
         # notion of what operations exist and are supported
@@ -239,7 +239,7 @@ def get_authorizer_for_scope(
         ``required_authorizer_expiration_time``, it is treated as a failure.
         """
 
-        had_cached_value, dependent_tokens = self._get_cached_dependent_tokens()
+        retrieved_from_cache, dependent_tokens = self._get_cached_dependent_tokens()
 
         # if the dependent token data (which could have been cached) failed to meet
         # the requirements...
@@ -251,8 +251,8 @@ def get_authorizer_for_scope(
             # there's no reason to expect new tokens would do better
             # fail, but do not clear the cache -- it could be satisfactory
             # for some other scope request
-            if not had_cached_value:
-                raise ValueError("No matching cached dependent tokens found")
+            if not retrieved_from_cache:
+                raise ValueError("Dependent tokens do not match request.")
 
             # otherwise, the cached value was bad -- fetch and check again,
             # by clearing the cache and asking for the same data
@@ -264,7 +264,7 @@ def get_authorizer_for_scope(
             if not self._dependent_token_response_satisfies_scope_request(
                 dependent_tokens, scope, required_authorizer_expiration_time
             ):
-                raise ValueError("Refreshed dependent tokens still don't match")
+                raise ValueError("Dependent tokens do not match request.")
 
         token_data = dependent_tokens.by_scopes[scope]