diff --git a/middleware/auth.go b/middleware/auth.go
index dc7067a..04719ca 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -128,7 +128,6 @@ func (a *Authenticator) refreshExpiredToken(w http.ResponseWriter, claims token.
 // AdminOnly middleware allows access for admins only
 func (a *Authenticator) AdminOnly(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
-
 		user, err := token.GetUserInfo(r)
 		if err != nil {
 			http.Error(w, "Unauthorized", http.StatusUnauthorized)
@@ -141,7 +140,7 @@ func (a *Authenticator) AdminOnly(next http.Handler) http.Handler {
 		}
 		next.ServeHTTP(w, r)
 	}
-	return http.HandlerFunc(fn)
+	return a.auth(true)(http.HandlerFunc(fn))
 }
 
 // basic auth for admin user
diff --git a/middleware/auth_test.go b/middleware/auth_test.go
index 882e7c9..fdd0196 100644
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@@ -270,6 +270,19 @@ func TestAdminRequired(t *testing.T) {
 	resp, err = client.Do(req)
 	require.NoError(t, err)
 	assert.Equal(t, 403, resp.StatusCode, "valid token user, not admin")
+
+	req, err = http.NewRequest("GET", server.URL+"/auth", nil)
+	require.NoError(t, err)
+	resp, err = client.Do(req)
+	require.NoError(t, err)
+	assert.Equal(t, 401, resp.StatusCode, "not authorized")
+
+	req, err = http.NewRequest("GET", server.URL+"/auth", nil)
+	require.NoError(t, err)
+	req.Header.Add("X-JWT", "bad bad token")
+	resp, err = client.Do(req)
+	require.NoError(t, err)
+	assert.Equal(t, 401, resp.StatusCode, "not authorized")
 }
 
 func makeTestMux(t *testing.T, a *Authenticator, required bool) http.Handler {
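Review bot: The doc comment on AdminOnly still reads "allows access for admins only", but the new `return a.auth(true)(http.HandlerFunc(fn))` makes the middleware enforce authentication itself before the admin check, so callers no longer need to stack it behind the auth middleware and the contract should say so. Suggested comment: `// AdminOnly enforces authentication (a.auth in required mode) and then admits only admin users; requests without a valid token get 401, authenticated non-admins get 403.` The inner `token.GetUserInfo` error branch that returns 401 is now only reachable if a.auth(true) lets a request through without user info, which is worth keeping as defense in depth but deserves a one-line comment saying it is deliberately redundant. If any caller already wraps AdminOnly in the auth middleware, the token check (and presumably any refresh it performs) now runs twice on that route; confirm that is harmless. The body of the handler between the two hunks, including the admin check itself, is outside the diff.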
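Review bot: Both new assertions in TestAdminRequired use the same message "not authorized", so a failure will not say whether the no-token request or the malformed `X-JWT` request regressed; use distinct messages such as `assert.Equal(t, 401, resp.StatusCode, "no token")` and `assert.Equal(t, 401, resp.StatusCode, "invalid token")`. The second case only shows that an unparsable header value is rejected; a syntactically valid but badly signed or expired token would be the more meaningful negative case for the new auth wrapping, if the test helpers can produce one. The test function continues above the hunk, so the setup of client and server is not visible here.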