diff --git a/src/main/java/se/su/dsv/oauth2/staging/CustomAuthorizationEndpointFilter.java b/src/main/java/se/su/dsv/oauth2/staging/CustomAuthorizationEndpointFilter.java
index 036b685..b49c94a 100644
--- a/src/main/java/se/su/dsv/oauth2/staging/CustomAuthorizationEndpointFilter.java
+++ b/src/main/java/se/su/dsv/oauth2/staging/CustomAuthorizationEndpointFilter.java
@@ -92,6 +92,10 @@ public class CustomAuthorizationEndpointFilter extends HttpFilter {
             throws IOException
     {
         if (Objects.equals(request.getMethod(), "GET")) {
+            // Validate authorization request
+            // This will throw if the request is not valid
+            authenticationConverter.convert(request);
+
             String authorizationUrl = getAuthorizationUrl(request);
             JteModel view = templates.authorize(authorizationUrl, loggedInUser.getName(), (ShibbolethAuthenticationDetails) loggedInUser.getDetails());
             respondWithTemplate(response, view);
diff --git a/src/test/java/se/su/dsv/oauth2/StagingProfileTest.java b/src/test/java/se/su/dsv/oauth2/StagingProfileTest.java
index cac604d..6da5cf4 100644
--- a/src/test/java/se/su/dsv/oauth2/StagingProfileTest.java
+++ b/src/test/java/se/su/dsv/oauth2/StagingProfileTest.java
@@ -9,6 +9,7 @@ import org.springframework.test.context.ActiveProfiles;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsString;
 import static org.junit.jupiter.api.Assertions.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 import static se.su.dsv.oauth2.ShibbolethRequestProcessor.remoteUser;
@@ -224,4 +225,31 @@ public class StagingProfileTest extends AbstractMetadataCodeFlowTest {
                     assertThat(redirectedUrl, containsString("state=" + state));
                 });
     }
+
+    @Test
+    public void fails_immediately_with_invalid_request_parameters() throws Exception {
+        mockMvc.perform(get(getAuthorizationEndpoint())
+                .with(remoteUser("developer")
+                        .entitlement(DEVELOPER_ENTITLEMENT))
+                .queryParam("response_type", "code")
+                .queryParam("client_id", CLIENT_ID)
+                .queryParam("redirect_uri", REDIRECT_URI)
+                .queryParam("scope", "openid")
+                .queryParam("scope", "profile"))
+                .andExpect(status().isBadRequest())
+                .andExpect(status().reason(containsString("scope")));
+    }
+
+    @Test
+    public void shows_custom_authorization_form_for_valid_requests() throws Exception {
+        mockMvc.perform(get(getAuthorizationEndpoint())
+                .with(remoteUser("developer")
+                        .entitlement(DEVELOPER_ENTITLEMENT))
+                .queryParam("response_type", "code")
+                .queryParam("client_id", CLIENT_ID)
+                .queryParam("redirect_uri", REDIRECT_URI)
+                .queryParam("scope", "openid profile"))
+                .andExpect(status().isOk())
+                .andExpect(content().string(containsString("<form")));
+    }
 }