diff --git a/oras/auth/token.py b/oras/auth/token.py
index 9273f7f..5c5491e 100644
--- a/oras/auth/token.py
+++ b/oras/auth/token.py
@@ -124,7 +124,7 @@ def request_token(self, h: auth_utils.authHeader):
 
         # Ensure the realm starts with http
         if not h.realm.startswith("http"):
-            h.realm = f"http://{h.realm}"  # TODO: Should this be htts
+            h.realm = f"http://{h.realm}"  # TODO: Should this be https
 
         # If the www-authenticate included a scope, honor it!
         if h.scope: