diff --git a/cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRevocationIT.java b/cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRevocationIT.java
index 675a63e3..bcd2837e 100644
--- a/cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRevocationIT.java
+++ b/cameleer-server-app/src/test/java/com/cameleer/server/app/security/JwtRevocationIT.java
@@ -4,6 +4,7 @@ import com.cameleer.server.app.AbstractPostgresIT;
 import com.cameleer.server.core.security.JwtService;
 import com.cameleer.server.core.security.UserInfo;
 import com.cameleer.server.core.security.UserRepository;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -35,6 +36,12 @@ class JwtRevocationIT extends AbstractPostgresIT {
 @Autowired
 private UserRepository userRepository;
 
+ @AfterEach
+ void cleanup() {
+ userRepository.delete("revoke-me");
+ userRepository.delete("never-revoked");
+ }
+
 @Test
 void revokedTokenIsRejectedOnAuthenticatedRequest() {
 userRepository.upsert(new UserInfo(
@@ -51,6 +58,17 @@ class JwtRevocationIT extends AbstractPostgresIT {
 assertThat(after.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 }
 
+ @Test
+ void unrevokedUserTokenIsAccepted() {
+ userRepository.upsert(new UserInfo(
+ "never-revoked", "local", "", "Never Revoked", Instant.now()));
+ String accessToken = jwtService.createAccessToken(
+ "user:never-revoked", "user", List.of("VIEWER"));
+
+ ResponseEntity resp = call(accessToken);
+ assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
+ }
+
 private ResponseEntity call(String accessToken) {
 HttpHeaders headers = new HttpHeaders();
 headers.setBearerAuth(accessToken);
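Review bot: The user ids in `cleanup()` are bare string literals that have to stay in sync with the ids each test upserts, so a renamed or newly added test user would silently stop being cleaned up and could leak state into later tests. Shared constants used by both the tests and `cleanup()` would remove that coupling, e.g. `private static final String REVOKED_USER = "revoke-me";` and `private static final String UNREVOKED_USER = "never-revoked";`. The upsert of `"revoke-me"` is outside this hunk, so its use in `revokedTokenIsRejectedOnAuthenticatedRequest` is inferred from the name. If revocation state is kept anywhere other than the user row (not visible here), deleting the user would not reset it, and `cleanup()` should clear that state too.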
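Review bot: `unrevokedUserTokenIsAccepted` only covers a user that never had a revocation recorded, so the boundary a revocation check most easily gets wrong is still untested: a token issued after the user's earlier tokens were revoked should be accepted again. The revocation logic is outside this diff, so this assumes a per-user cutoff rather than a per-token deny list. A short comment on the new test would also record why it exists, e.g. `// Positive control: a user with no revocation recorded must not be rejected by the revocation check.` The 200 here additionally depends on the endpoint used by `call(...)` being reachable with the `VIEWER` role; the body of `call` continues past the end of the hunk.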