diff --git a/README.md b/README.md
index 1f95709b..1a1cb9f6 100644
--- a/README.md
+++ b/README.md
@@ -100,8 +100,8 @@ install/remove cert-manager from your cluster.
 
 ### User Authentication
 
-Users can use `oc whoami --show-token` to retrieve their OpenShift OAuth token
-for the currently logged in user account. This token can be used when directly
+Users can use `oc whoami --show-token | base64` to retrieve their encoded OpenShift OAuth token
+for the currently logged in user account. This encoded token can be used when directly
 interacting with the deployed Cryostat instance(s), for example on the
 web-client login page.
 
diff --git a/docs/api.md b/docs/api.md
index ed2c1533..f5fb112c 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -281,7 +281,7 @@ status:
 
 If running on OpenShift, you will need to pass your bearer token with the `curl` request. (You may also need -k if your test cluster uses a self-signed certificate)
 ```shell
-$ curl -k -H "Authorization: Bearer $(oc whoami -t)" \
+$ curl -k -H "Authorization: Bearer $(oc whoami -t | base64)" \
 https://cryostat-sample-cryostat-operator-system.apps-crc.testing:443/api/v1/recordings/10-217-0-29_my-recording_20210429T220400Z.jfr \
 my-recording.jfr
 ```
diff --git a/internal/controllers/common/common_reconciler.go b/internal/controllers/common/common_reconciler.go
index 560aad7b..81ae5fc9 100644
--- a/internal/controllers/common/common_reconciler.go
+++ b/internal/controllers/common/common_reconciler.go
@@ -38,6 +38,7 @@ package common
 
 import (
 	"context"
+	b64 "encoding/base64"
 	"errors"
 	"fmt"
 	"net/url"
@@ -130,7 +131,7 @@ func (r *commonReconciler) GetCryostatClient(ctx context.Context, namespace stri
 	if err != nil {
 		return nil, err
 	}
-	strTok := string(tok)
+	strTok := b64.StdEncoding.EncodeToString(tok)
 
 	// Get JMX authentication credentials, if present
 	var jmxCreds *cryostatClient.JMXAuthCredentials
diff --git a/internal/test/handlers.go b/internal/test/handlers.go
index 657d6a6f..0bbb99ad 100644
--- a/internal/test/handlers.go
+++ b/internal/test/handlers.go
@@ -341,7 +341,7 @@ func NewTemplates() []operatorv1beta1.TemplateInfo {
 }
 
 func verifyToken() http.HandlerFunc {
-	return ghttp.VerifyHeaderKV("Authorization", "Bearer myToken")
+	return ghttp.VerifyHeaderKV("Authorization", "Bearer bXlUb2tlbg==")
 }
 
 func verifyJMXAuth() http.HandlerFunc {