diff --git a/access-token-provider-api/src/test/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGeneratorTest.java b/access-token-provider-api/src/test/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGeneratorTest.java
index 0e068f7f6b107cedac32f987670e4210f989a784..c3b27b9bf94031932f1a84b22864fe2183c8ea96 100644
--- a/access-token-provider-api/src/test/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGeneratorTest.java
+++ b/access-token-provider-api/src/test/java/net/ihe/gazelle/app/accesstokenproviderapi/application/TokenGeneratorTest.java
@@ -175,4 +175,41 @@ class TokenGeneratorTest {
     }
 
 
+    @Test
+    public void generateAccessTokenEmptyAudienceTest() throws EncodingException, TokenRequestException {
+        AccessTokenRequest accessTokenRequest = new AccessTokenRequest(ISSUER, SUBJECT, "", DURATION, TOKEN_TYPE);
+        accessTokenRequest.setSignature(new SymmetricSignature(ALGORITHM, "secret"));
+
+
+        TokenGenerator tokenGenerator = new TokenGenerator();
+        tokenGenerator.setAudienceSecretRetriever(AUDIENCE_RETRIEVER);
+
+        assertThrows(TokenRequestException.class, () -> tokenGenerator.generateAccessToken(accessTokenRequest), "Unsupported issuer");
+    }
+
+
+    @Test
+    public void generateAccessTokenEmptySecretTest() throws EncodingException, TokenRequestException {
+        AccessTokenRequest accessTokenRequest = new AccessTokenRequest(ISSUER, SUBJECT, "pouet", DURATION, TOKEN_TYPE);
+        accessTokenRequest.setSignature(new SymmetricSignature(ALGORITHM, "secret"));
+
+
+        TokenGenerator tokenGenerator = new TokenGenerator();
+        tokenGenerator.setAudienceSecretRetriever(audience -> "");
+
+        assertThrows(TokenRequestException.class, () -> tokenGenerator.generateAccessToken(accessTokenRequest), "Unsupported issuer");
+    }
+
+
+    @Test
+    public void generateAccessTokenNullSecretTest() throws EncodingException, TokenRequestException {
+        AccessTokenRequest accessTokenRequest = new AccessTokenRequest(ISSUER, SUBJECT, "pouet", DURATION, TOKEN_TYPE);
+        accessTokenRequest.setSignature(new SymmetricSignature(ALGORITHM, "secret"));
+
+
+        TokenGenerator tokenGenerator = new TokenGenerator();
+        tokenGenerator.setAudienceSecretRetriever(audience -> null);
+
+        assertThrows(TokenRequestException.class, () -> tokenGenerator.generateAccessToken(accessTokenRequest), "Unsupported issuer");
+    }
 }