diff --git a/controller/northbound/server/auth_interceptor_test.go b/controller/northbound/server/auth_interceptor_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..6380a356870f4d5cfffb4c1a8f61dae8266c7270
--- /dev/null
+++ b/controller/northbound/server/auth_interceptor_test.go
@@ -0,0 +1,102 @@
+package server
+
+import (
+	"context"
+	"log"
+	"net"
+	"testing"
+
+	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
+	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
+	"code.fbi.h-da.de/danet/gosdn/controller/store"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/test/bufconn"
+)
+
+func dialer() func(context.Context, string) (net.Conn, error) {
+	listener := bufconn.Listen(1024 * 1024)
+
+	interceptor := NewAuthInterceptor(jwt)
+	server := grpc.NewServer(grpc.UnaryInterceptor(interceptor.Unary()), grpc.StreamInterceptor(interceptor.Stream()))
+
+	apb.RegisterUserServiceServer(server, &User{})
+
+	go func() {
+		if err := server.Serve(listener); err != nil {
+			log.Fatal(err)
+		}
+	}()
+
+	return func(context.Context, string) (net.Conn, error) {
+		return listener.Dial()
+	}
+}
+
+func TestAuthInterceptor_Unary(t *testing.T) {
+	token, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	user, err := userc.Get(store.Query{Name: "testAdmin"})
+	if err != nil {
+		log.Fatal(err)
+	}
+	user.SetToken(token)
+
+	err = userc.Update(user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	md := metadata.Pairs("authorize", token)
+
+	type args struct {
+		ctx     context.Context
+		request *apb.GetUsersRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetUsersResponse
+		wantErr bool
+	}{
+		{
+			name: "default unary interceptor",
+			args: args{
+				ctx:     metadata.NewOutgoingContext(context.Background(), md),
+				request: &apb.GetUsersRequest{},
+			},
+			want: &apb.GetUsersResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+	}
+
+	ctx := context.Background()
+	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer conn.Close()
+
+	client := apb.NewUserServiceClient(conn)
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := client.GetUsers(tt.args.ctx, tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("AuthInterceptor.Unary() = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got.Status != tt.want.Status {
+				t.Errorf("AuthInterceptor.Unary() = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+		})
+	}
+}