diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index 847479c371f..ed7d84e2b89 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -164,14 +164,15 @@ This requires you to implement six methods::
     class TokenAuthenticator extends AbstractGuardAuthenticator
     {
         /**
-         * Called on every request. Return whatever credentials you want,
-         * or null to stop authentication.
+         * Called on every request. Return whatever credentials you want to
+         * be passed to getUser(). Returning null will cause this authenticator
+         * to be skipped.
          */
         public function getCredentials(Request $request)
         {
             if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
-                // no token? Return null and no other methods will be called
-                return;
+                // No token?
+                $token = null;
             }
 
             // What you return here will be passed to getUser() as $credentials