diff --git a/tests/auth/fixtures/oauth_tokens.xml b/tests/auth/fixtures/oauth_tokens.xml
index 9bfb5a4422..cffa02a39d 100644
--- a/tests/auth/fixtures/oauth_tokens.xml
+++ b/tests/auth/fixtures/oauth_tokens.xml
@@ -5,6 +5,12 @@
 		<column>session_id</column>
 		<column>provider</column>
 		<column>oauth_token</column>
+		<row>
+			<value>1</value>
+			<value>9999</value>
+			<value>auth.provider.oauth.service.testing</value>
+			<value>{"token_class":"phpbb_not_a_token","accessToken":"error","refreshToken":0,"endOfLife":null,"extraParams":null}</value>
+		</row>
 	</table>
 </dataset>
 
diff --git a/tests/auth/phpbb_not_a_token.php b/tests/auth/phpbb_not_a_token.php
new file mode 100644
index 0000000000..61cc14fa10
--- /dev/null
+++ b/tests/auth/phpbb_not_a_token.php
@@ -0,0 +1,23 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_not_a_token
+{
+	public function __construct($param1, $param2, $param3, $param4)
+	{
+	}
+
+	public function setEndOfLife()
+	{
+	}
+}
diff --git a/tests/auth/provider_oauth_token_storage_test.php b/tests/auth/provider_oauth_token_storage_test.php
index ec28e546bd..8919345087 100644
--- a/tests/auth/provider_oauth_token_storage_test.php
+++ b/tests/auth/provider_oauth_token_storage_test.php
@@ -13,6 +13,8 @@
 
 use OAuth\OAuth2\Token\StdOAuth2Token;
 
+require_once dirname(__FILE__) . '/phpbb_not_a_token.php';
+
 class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case
 {
 	protected $db;
@@ -73,6 +75,22 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
 		$this->assertEquals($token, $stored_token);
 	}
 
+	public function test_retrieveAccessToken_wrong_token()
+	{
+		$this->user->data['session_id'] = 9999;
+		try
+		{
+			$this->token_storage->retrieveAccessToken($this->service_name);
+			$this->fail('The token can not be deserialized and an exception should be thrown.');
+		}
+		catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e)
+		{
+		}
+
+		$row = $this->get_token_row_by_session_id(9999);
+		$this->assertFalse($row);
+	}
+
 	public function test_retrieveAccessToken_from_db()
 	{
 		$expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);