diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index efb88c91..2583cc53 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -130,14 +130,9 @@ func (a Authenticator) Authenticate() error {
 	state := oauth2.GenerateVerifier()
 	codeVerifier := oauth2.GenerateVerifier()
 
-	authURL := a.OAuthConfig.AuthCodeURL(
-		state,
-		oauth2.S256ChallengeOption(codeVerifier),
-	)
-
-	err := openBrowser(authURL)
+	err := a.openBrowser(state, codeVerifier)
 	if err != nil {
-		log.Fatal("Could not open browser:", err)
+		return err
 	}
 
 	authCode := a.callback(state)
@@ -151,10 +146,15 @@ func (a Authenticator) Authenticate() error {
 	return nil
 }
 
-func openBrowser(url string) error {
+func (a Authenticator) openBrowser(state, codeVerifier string) error {
 	var cmd string
 	var args []string
 
+	authURL := a.OAuthConfig.AuthCodeURL(
+		state,
+		oauth2.S256ChallengeOption(codeVerifier),
+	)
+
 	switch runtime.GOOS {
 	case "windows":
 		cmd = "cmd"
@@ -164,6 +164,6 @@ func openBrowser(url string) error {
 	default: // "linux", "freebsd", "openbsd", "netbsd"
 		cmd = "xdg-open"
 	}
-	args = append(args, url)
+	args = append(args, authURL)
 	return exec.Command(cmd, args...).Start()
 }
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index a2c74afc..01645562 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -3,11 +3,37 @@ package auth
 import (
 	"testing"
 
-	"github.com/debricked/cli/internal/client/testdata"
+	"github.com/debricked/cli/internal/auth/testdata"
+	clientTestdata "github.com/debricked/cli/internal/client/testdata"
 	"github.com/stretchr/testify/assert"
 )
 
-func TestNewGeneration(t *testing.T) {
-	res := NewDebrickedAuthenticator(testdata.NewDebClientMock())
+func TestNewAuthenticator(t *testing.T) {
+	res := NewDebrickedAuthenticator(clientTestdata.NewDebClientMock())
 	assert.NotNil(t, res)
 }
+
+func TestMockedLogout(t *testing.T) {
+	authenticator := Authenticator{
+		SecretClient: testdata.MockSecretClient{},
+		OAuthConfig:  nil,
+	}
+	err := authenticator.Logout()
+
+	assert.NoError(t, err)
+
+}
+
+func TestMockedToken(t *testing.T) {
+	authenticator := Authenticator{
+		SecretClient: testdata.MockSecretClient{},
+		OAuthConfig:  nil,
+	}
+	token, err := authenticator.Token()
+
+	assert.NoError(t, err)
+	assert.Equal(t, token.TokenType, "jwt")
+	assert.Equal(t, token.RefreshToken, "token")
+	assert.Equal(t, token.AccessToken, "token")
+
+}
diff --git a/internal/auth/testdata/auth_mock.go b/internal/auth/testdata/auth_mock.go
new file mode 100644
index 00000000..450e044b
--- /dev/null
+++ b/internal/auth/testdata/auth_mock.go
@@ -0,0 +1,25 @@
+package testdata
+
+type MockSecretClient struct{}
+
+func (msc MockSecretClient) Set(service, secret string) error {
+	return nil
+}
+
+func (msc MockSecretClient) Get(service string) (string, error) {
+	return "token", nil
+}
+
+func (msc MockSecretClient) Delete(service string) error {
+	return nil
+}
+
+type MockAuthenticator struct{}
+
+// Authenticate() error
+// Logout() error
+// Token() (*oauth2.Token, error)
+
+func (ma MockAuthenticator) Authenticate() error {
+	return nil
+}