diff --git a/internal/oidc/client_store_test.go b/internal/oidc/client_store_test.go
new file mode 100644
index 00000000..ec2b8bfc
--- /dev/null
+++ b/internal/oidc/client_store_test.go
@@ -0,0 +1,75 @@
+package oidc
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/labstack/echo/v4"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAuthHandler(t *testing.T) {
+	client := oidcClient{
+		client: mockRelyingParty{isPKCE: false, tokenURL: "https://token.url"},
+		id:     "renku",
+	}
+	store := ClientStore{
+		"renku": client,
+	}
+
+	handler, err := store.AuthHandler("renku", "abcde-12345")
+	require.NoError(t, err)
+
+	e := echo.New()
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+	c := e.NewContext(req, rec)
+	err = echo.WrapHandler(handler)(c)
+	require.NoError(t, err)
+
+	assert.Equal(t, http.StatusFound, rec.Code)
+	assert.Contains(t, rec.Header().Get("location"), "client_id=mock-client&response_type=code&state=abcde-12345")
+}
+
+func TestAuthHandlerInvalidProvider(t *testing.T) {
+	client := oidcClient{
+		client: mockRelyingParty{isPKCE: false, tokenURL: "https://token.url"},
+		id:     "renku",
+	}
+	store := ClientStore{
+		"renku": client,
+	}
+
+	_, err := store.AuthHandler("another", "abcde-12345")
+	assert.ErrorContains(t, err, "cannot find the provider with ID another")
+}
+
+func TestUserProfileURL(t *testing.T) {
+	client := oidcClient{
+		client: mockRelyingParty{isPKCE: false, tokenURL: "https://token.url"},
+		id:     "renku",
+	}
+	store := ClientStore{
+		"renku": client,
+	}
+
+	profileURL, err := store.UserProfileURL("renku")
+	require.NoError(t, err)
+
+	assert.Equal(t, "https://token.url/account?referrer=renku", profileURL.String())
+}
+
+func TestUserProfileURLInvalidProvider(t *testing.T) {
+	client := oidcClient{
+		client: mockRelyingParty{isPKCE: false, tokenURL: "https://token.url"},
+		id:     "renku",
+	}
+	store := ClientStore{
+		"renku": client,
+	}
+
+	_, err := store.UserProfileURL("another")
+	assert.ErrorContains(t, err, "cannot find the provider with ID another")
+}
diff --git a/internal/oidc/client_test.go b/internal/oidc/client_test.go
index 41d86945..0c83755c 100644
--- a/internal/oidc/client_test.go
+++ b/internal/oidc/client_test.go
@@ -23,12 +23,13 @@ type mockRelyingParty struct {
 
 func (m mockRelyingParty) OAuthConfig() *oauth2.Config {
 	return &oauth2.Config{
+		ClientID: "mock-client",
 		Endpoint: oauth2.Endpoint{TokenURL: m.tokenURL},
 	}
 }
 
 func (m mockRelyingParty) Issuer() string {
-	return ""
+	return "https://token.url"
 }
 
 func (m mockRelyingParty) IsPKCE() bool {