diff --git a/RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch b/RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch
new file mode 100644
index 0000000..eb8568f
--- /dev/null
+++ b/RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch
@@ -0,0 +1,38 @@
+From 293b3961149f680ead9028e6719c405957abc6b7 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 13 Mar 2025 16:40:30 +0100
+Subject: [PATCH] fence_ibm_vpc: refresh bearer-token in connect() if token
+ data is corrupt, and avoid edge-case of writing empty token file
+
+---
+ agents/ibm_vpc/fence_ibm_vpc.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py
+index 035a3235a..efda5eed7 100755
+--- a/agents/ibm_vpc/fence_ibm_vpc.py
++++ b/agents/ibm_vpc/fence_ibm_vpc.py
+@@ -105,6 +105,8 @@ def get_bearer_token(conn, options):
+ 			except Exception as e:
+ 				logging.error("Failed: Unable to authenticate: {}".format(e))
+ 				fail(EC_LOGIN_DENIED)
++			if len(token) < 1:
++				fail(EC_LOGIN_DENIED)
+ 			file_obj.write(token)
+ 	finally:
+ 		os.umask(oldumask)
+@@ -152,6 +154,14 @@ def connect(opt):
+ 	# set auth token for later requests
+ 	conn = set_bearer_token(conn, bearer_token)
+ 
++	try:
++		command = "instances?version=2021-05-25&generation=2&limit=1"
++		res = send_command(conn, opt, command)
++	except Exception as e:
++		logging.warning("Failed to login/connect. Updating bearer-token.")
++		bearer_token = get_bearer_token(conn, opt)
++		conn = set_bearer_token(conn, bearer_token)
++
+ 	return conn
+ 
+ def disconnect(conn):
diff --git a/fence-agents.spec b/fence-agents.spec
index 244a699..b093a67 100644
--- a/fence-agents.spec
+++ b/fence-agents.spec
@@ -13,7 +13,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.16.0
-Release: 5%{?alphatag:.%{alphatag}}%{?dist}
+Release: 6%{?alphatag:.%{alphatag}}%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@@ -106,6 +106,7 @@ Patch5: ha-cloud-support-google.patch
 Patch6: bundled-kubevirt.patch
 Patch7: bundled-pycurl.patch
 Patch8: bundled-suds.patch
+Patch9: RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch
 
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs drac5 eaton_snmp emerson eps hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
@@ -223,6 +224,7 @@ BuildRequires: %{systemd_units}
 %patch -p1 -P 6
 %patch -p1 -P 7
 %patch -p1 -P 8
+%patch -p1 -P 9
 
 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@@ -1182,6 +1184,11 @@ are located on corosync cluster nodes.
 %endif
 
 %changelog
+* Mon Mar 17 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-6
+- fence_ibm_vpc: refresh bearer-token if token data is corrupt, and
+  avoid edge-case of writing empty token file
+  Resolves: RHEL-83520
+
 * Mon Feb  3 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-5
 - fence_azure_arm: use azure-identity instead of msrestazure, which has
   been deprecated