diff --git a/endpoint/src/error.rs b/endpoint/src/error.rs
index 380761b..fd72b1d 100644
--- a/endpoint/src/error.rs
+++ b/endpoint/src/error.rs
@@ -39,6 +39,7 @@ pub(crate) struct OAuth2ErrorMessage {
 pub(crate) error_description: &'static str,
 }
+
 #[derive(Serialize, Deserialize, JsonSchema, PartialEq, Debug)]
 #[serde(crate = "rocket::serde")]
 /// Response with an error code of `BadRequest`. See Chapter "Error Codes" of the Tech Specs for mor details.
diff --git a/endpoint/src/main.rs b/endpoint/src/main.rs
index 5cd402e..8cf714e 100644
--- a/endpoint/src/main.rs
+++ b/endpoint/src/main.rs
@@ -16,15 +16,18 @@ mod error;
 mod sample_data;
 use std::cmp::min;
+use std::collections::HashMap;
 use auth::UserToken;
 use chrono::{DateTime, Utc};
 use either::Either;
+use error::OAuth2ErrorMessage;
 use lambda_web::{is_running_on_lambda, launch_rocket_on_lambda, LambdaError};
 use okapi::openapi3::{Object, Parameter, ParameterValue};
 use rocket::catch;
 use rocket::form::Form;
 use rocket::request::FromRequest;
+use rocket::response::content;
 use rocket::serde::json::Json;
 use rocket_okapi::rapidoc::{
 make_rapidoc, GeneralConfig, HideShowConfig, RapiDocConfig, Theme, UiConfig,
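Review bot: `use std::collections::HashMap;` is added unconditionally in the import hunk of `main.rs`, but the only use visible in this diff is inside the `#[test]` function `invalid_credentials_test`, and no visible hunk uses `OAuth2ErrorMessage` or `content` at all. Unless code outside the shown hunks uses them, non-test builds will report unused imports. The file already gates test-only items with `#[cfg(test)]` (see `EXAMPLE_HOST`), so `#[cfg(test)] use std::collections::HashMap;` would match that convention, and the other two imports can arrive with the commit that first uses them.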
@@ -447,6 +450,37 @@ async fn main() -> Result<(), LambdaError> {
 #[cfg(test)]
 const EXAMPLE_HOST: &str = "api.pathfinder.sine.dev";
+#[test]
+fn invalid_credentials_test() {
+ let auth_uri = "/2/auth/token";
+
+ let credentials = base64::encode("hello:wrong_password");
+ let basic_auth = format!("Basic {credentials}");
+ let client = &Client::tracked(create_server()).unwrap();
+
+ let resp = client
+ .post(auth_uri)
+ .header(rocket::http::Header::new("Host", "127.0.0.1:8000"))
+ .header(rocket::http::Header::new("Authorization", basic_auth))
+ .header(rocket::http::Header::new(
+ "Content-Type",
+ "application/x-www-form-urlencoded",
+ ))
+ .body("grant_type=client_credentials")
+ .dispatch();
+
+ let error_response: HashMap = resp.into_json().unwrap();
+
+ assert_eq!(
+ error_response.get("error"),
+ Some(&"unauthorized_client".to_string())
+ );
+ assert_eq!(
+ error_response.get("error_description"),
+ Some(&"Invalid client credentials".to_string())
+ );
+}
+
 #[test]
 fn get_list_test() {
 let token = UserToken {
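Review bot: `invalid_credentials_test` pins the error body but never checks the HTTP status, so a handler that returned this JSON with a success status would still pass. `resp.into_json()` consumes the response, so the status assertion has to come before it, e.g. `assert_eq!(resp.status(), rocket::http::Status::Unauthorized);` (or whichever status the handler is meant to return). The expected code `unauthorized_client` also deserves a second look: RFC 6749 §5.2 uses `invalid_client` for failed client authentication and reserves `unauthorized_client` for an authenticated client that may not use the grant type, so if the value is deliberate a short comment citing the governing spec would help. Adding `assert!(error_response.get("access_token").is_none());` would state the security property directly: a rejected credential never yields a token.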