diff --git a/tests/test_authentication.py b/tests/test_authentication.py
index 837bc57..1f6831f 100644
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -1,5 +1,8 @@
 """Tests for authentication."""
+import pytest
+
 from monzo import authentication
+from monzo.exceptions import MonzoAuthenticationError
 from tests.helpers import Handler, load_data
 
 
@@ -44,3 +47,38 @@ def test_logout(self, mocker):
             path=expected_data['path'],
             timeout=expected_data['timeout']
         )
+
+    def test_authenticate_with_empty_token(self):
+        """
+        Test authenticate raises an error when the authorization token is empty.
+        """
+        auth = authentication.Authentication(
+            client_id='client_id',
+            client_secret='client_secret',
+            redirect_url='',
+        )
+
+        with pytest.raises(MonzoAuthenticationError):
+            auth.authenticate(authorization_token='', state_token='state_token')
+
+    def test_authenticate_state_token_mismatch(self, tmp_path, mocker):
+        """
+        Test authenticate raises an error when the provided state token does not match.
+
+        Args:
+            tmp_path: Pytest fixture for temporary directory.
+            mocker: Pytest mocker fixture.
+        """
+        mocker.patch('monzo.authentication.gettempdir', return_value=str(tmp_path))
+        auth = authentication.Authentication(
+            client_id='client_id',
+            client_secret='client_secret',
+            redirect_url='',
+        )
+        state_token = auth.state_token
+
+        with pytest.raises(MonzoAuthenticationError):
+            auth.authenticate(
+                authorization_token='auth_token',
+                state_token=f'{state_token}invalid',
+            )