diff --git a/src/routes/test/oauth2-test.js b/src/routes/test/oauth2-test.js
index b0f724ea1..15856fc79 100644
--- a/src/routes/test/oauth2-test.js
+++ b/src/routes/test/oauth2-test.js
@@ -721,6 +721,78 @@ describe('OAuth2', function () {
                 });
             });
         });
+
+        describe('callback', function () {
+            before(setup);
+            after(cleanup);
+
+            function startAuthorizationFlow(grant, callback) {
+                var jar = request.jar();
+                var url = SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=' + CLIENT_2.redirectURI + '&client_id=' + CLIENT_2.id + '&response_type=' + grant;
+
+                request.get(url, { jar: jar }, function (error, response, body) {
+                    expect(error).to.not.be.ok();
+                    expect(response.statusCode).to.eql(200);
+                    expect(body).to.eql('<script>window.location.href = "/api/v1/session/login?returnTo=' + CLIENT_2.redirectURI + '";</script>');
+
+                    request.get(SERVER_URL + '/api/v1/session/login?returnTo=' + CLIENT_2.redirectURI, { jar: jar, followRedirect: false }, function (error, response, body) {
+                        expect(error).to.not.be.ok();
+                        expect(response.statusCode).to.eql(200);
+                        expect(body.indexOf('<!-- login tester -->')).to.not.equal(-1);
+
+                        var url = SERVER_URL + '/api/v1/session/login?returnTo=' + CLIENT_2.redirectURI;
+                        var data = {
+                            username: USER_0.username,
+                            password: USER_0.password
+                        };
+
+                        request.post({ url: url, jar: jar, form: data }, function (error, response, body) {
+                            expect(error).to.not.be.ok();
+                            expect(response.statusCode).to.eql(302);
+
+                            var tmp = urlParse(response.headers.location, true);
+                            expect(tmp.query.redirect_uri).to.eql(CLIENT_2.redirectURI);
+                            expect(tmp.query.client_id).to.eql(CLIENT_2.id);
+                            expect(tmp.query.response_type).to.eql(grant);
+
+                            callback(jar);
+                        });
+                    });
+                });
+            }
+
+            it('sends correct redirect', function (done) {
+                startAuthorizationFlow('code', function (jar) {
+                    var url = SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=' + CLIENT_2.redirectURI + '&client_id=' + CLIENT_2.id + '&response_type=code';
+
+                    request.get(url, { jar: jar, followRedirect: false }, function (error, response, body) {
+                        expect(error).to.not.be.ok();
+                        expect(response.statusCode).to.eql(302);
+
+                        var tmp = urlParse(response.headers.location, true);
+                        expect(tmp.pathname).to.eql('/api/v1/session/callback');
+                        expect(tmp.query.redirectURI).to.eql(CLIENT_2.redirectURI + '/');
+                        expect(tmp.query.code).to.be.a('string');
+
+                        done();
+                    });
+                });
+            });
+
+            it('is rendered correctly', function (done) {
+                startAuthorizationFlow('code', function (jar) {
+                    var url = SERVER_URL + '/api/v1/oauth/dialog/authorize?redirect_uri=' + CLIENT_2.redirectURI + '&client_id=' + CLIENT_2.id + '&response_type=code';
+
+                    request.get(url, { jar: jar }, function (error, response, body) {
+                        expect(error).to.not.be.ok();
+                        expect(response.statusCode).to.eql(200);
+                        expect(body.indexOf('<!-- callback tester -->')).to.not.equal(-1);
+
+                        done();
+                    });
+                });
+            });
+        });
     });
 });