diff --git a/client/client.go b/client/client.go
index a2491a4..cc8b5e6 100644
--- a/client/client.go
+++ b/client/client.go
@@ -43,32 +43,36 @@ func NewClient(cnf Config) (*Client, error) {
 		cnf.HttpClient.SetBaseURL(cnf.HostURL)
 	}
 
-	if cnf.ServiceToken == "" && cnf.ClientId == "" && cnf.ClientSecret == "" {
+	// Add more auth strategies here later
+	var usingServiceToken = cnf.ServiceToken != ""
+	var usingUniversalAuth = cnf.ClientId != "" && cnf.ClientSecret != ""
+
+	// Check if the user got multiple configured authentication methods, or none set at all.
+	if usingServiceToken && usingUniversalAuth {
+		return nil, fmt.Errorf("you have configured multiple authentication methods, please only use one")
+	} else if !usingServiceToken && !usingUniversalAuth {
 		return nil, fmt.Errorf("you must configure a authentication method such as service tokens or Universal Auth before making calls")
 	}
 
-	var authToken string
-
-	if cnf.ClientId != "" && cnf.ClientSecret != "" {
+	if usingUniversalAuth {
 		token, err := Client{cnf}.UniversalMachineIdentityAuth()
 
 		if err != nil {
 			return nil, fmt.Errorf("unable to authenticate with universal machine identity [err=%s]", err)
 		}
 
-		authToken = token
+		cnf.HttpClient.SetAuthToken(token)
 		cnf.AuthStrategy = AuthStrategy.UNIVERSAL_MACHINE_IDENTITY
-	}
-	if cnf.ServiceToken != "" && authToken == "" {
-		authToken = cnf.ServiceToken
+	} else if usingServiceToken {
+		cnf.HttpClient.SetAuthToken(cnf.ServiceToken)
 		cnf.AuthStrategy = AuthStrategy.SERVICE_TOKEN
-	}
-
-	if authToken != "" {
-		cnf.HttpClient.SetAuthToken(authToken)
 	} else {
-		return nil, fmt.Errorf("no authentication credentials provided. You must define the service_token, or client_id and client_secret field of the provider")
+		// If no auth strategy is set, then we should return an error
+		return nil, fmt.Errorf("you must configure a authentication method such as service tokens or Universal Auth before making calls")
 	}
+
+	// These two if statements were a part of an older migration.
+	// And when people upgraded to the newer version, we needed a way to indicate that the EnvSlug and SecretsPath are no longer defined on a provider-level.
 	if cnf.EnvSlug != "" {
 		return nil, fmt.Errorf("you must set the environment before making calls")
 	}