diff --git a/discovery/marathon/marathon.go b/discovery/marathon/marathon.go
index cfd3e2c083..ef897234db 100644
--- a/discovery/marathon/marathon.go
+++ b/discovery/marathon/marathon.go
@@ -106,14 +106,18 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	if len(c.AuthToken) > 0 && len(c.AuthTokenFile) > 0 {
 		return errors.New("marathon_sd: at most one of auth_token & auth_token_file must be configured")
 	}
-	if c.HTTPClientConfig.BasicAuth != nil && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
-		return errors.New("marathon_sd: at most one of basic_auth, auth_token & auth_token_file must be configured")
-	}
-	if (len(c.HTTPClientConfig.BearerToken) > 0 || len(c.HTTPClientConfig.BearerTokenFile) > 0) && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
-		return errors.New("marathon_sd: at most one of bearer_token, bearer_token_file, auth_token & auth_token_file must be configured")
-	}
-	if c.HTTPClientConfig.Authorization != nil && (len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0) {
-		return errors.New("marathon_sd: at most one of auth_token, auth_token_file & authorization must be configured")
+
+	isAuthTokenProvided := len(c.AuthToken) > 0 || len(c.AuthTokenFile) > 0
+	if isAuthTokenProvided {
+		if c.HTTPClientConfig.BasicAuth != nil {
+			return errors.New("marathon_sd: at most one of basic_auth, auth_token & auth_token_file must be configured")
+		}
+		if len(c.HTTPClientConfig.BearerToken) > 0 || len(c.HTTPClientConfig.BearerTokenFile) > 0 {
+			return errors.New("marathon_sd: at most one of bearer_token, bearer_token_file, auth_token & auth_token_file must be configured")
+		}
+		if c.HTTPClientConfig.Authorization != nil {
+			return errors.New("marathon_sd: at most one of auth_token, auth_token_file & authorization must be configured")
+		}
 	}
 	return c.HTTPClientConfig.Validate()
 }