diff --git a/distribution/lib/Standard/Base/0.0.0-dev/src/Enso_Cloud/Internal/Utils.enso b/distribution/lib/Standard/Base/0.0.0-dev/src/Enso_Cloud/Internal/Utils.enso
index 63a4aab20e10..bfdfad96048c 100644
--- a/distribution/lib/Standard/Base/0.0.0-dev/src/Enso_Cloud/Internal/Utils.enso
+++ b/distribution/lib/Standard/Base/0.0.0-dev/src/Enso_Cloud/Internal/Utils.enso
@@ -41,7 +41,8 @@ authorization_header =
     token = AuthenticationProvider.getToken.if_nothing <|
         f = credentials_file
         if f.exists.not then Error.throw Not_Logged_In else
-            AuthenticationProvider.setToken (f.read_text)
+            access_token = read_access_token f
+            AuthenticationProvider.setToken access_token
     Header.authorization_bearer token
 
 ## PRIVATE
@@ -50,6 +51,18 @@ credentials_file = case Environment.get "ENSO_CLOUD_CREDENTIALS_FILE" of
     Nothing -> File.home / ".enso" / "credentials"
     path -> File.new path
 
+## PRIVATE
+   Reads the access token from the provided credentials file.
+
+   It supports both the old (raw string) and new (JSON) formats.
+read_access_token (file:File) -> Text =
+    content = file.read_text
+    as_json = content.parse_json
+    # If this is not valid JSON, we assume old format - raw token.
+    if as_json.is_error then content else
+        # Otherwise, we extract the token from JSON:
+        as_json.get "access_token" if_missing=(Error.throw "Invalid credentials file format: missing field `access_token`.")
+
 ## PRIVATE
    Root address for listing folders
 directory_api = cloud_root_uri + "directories"