All errors from get_token should probably be ErrorKind::Credential, assuming we believe that variant is useful, however they should also expose any HTTP response received from the token request because the application may want to inspect that. A couple options to consider off the top of my head:

1. ErrorKind::Credential arguably isn't necessary so, just remove it and return ErrorKind::HttpResponse as appropriate
2. have ErrorKind::Credential carry an optional RawResponse