diff --git a/swh/auth/tests/test_auth.py b/swh/auth/tests/test_auth.py
index 4f65567858c726eb8d4a9a4e937381139d1bd964..5013e892a5d8d8b9b0e3b8ac90ce2c82e4e5675a 100644
--- a/swh/auth/tests/test_auth.py
+++ b/swh/auth/tests/test_auth.py
@@ -3,6 +3,8 @@
 # License: GNU Affero General Public License version 3, or any later version
 # See top-level LICENSE file for more information
 
+from urllib.parse import parse_qs, urlparse
+
 import pytest
 
 from swh.auth import KeycloakOpenIDConnect
@@ -23,3 +25,23 @@ def test_auth_well_known(mock_keycloak, keycloak_open_id_connect):
     assert well_known_result == WELL_KNOWN
 
     assert mock_keycloak.called
+
+
+def test_auth_authorization_url(mock_keycloak, keycloak_open_id_connect):
+    actual_auth_uri = keycloak_open_id_connect.authorization_url(
+        "http://redirect-uri", foo="bar"
+    )
+
+    expected_auth_url = WELL_KNOWN["authorization_endpoint"]
+    parsed_result = urlparse(actual_auth_uri)
+    assert expected_auth_url.endswith(parsed_result.path)
+
+    parsed_query = parse_qs(parsed_result.query)
+    assert parsed_query == {
+        "client_id": ["client-id"],
+        "response_type": ["code"],
+        "redirect_uri": ["http://redirect-uri"],
+        "foo": ["bar"],
+    }
+
+    assert mock_keycloak.called