diff --git a/oauth2_lib/fastapi.py b/oauth2_lib/fastapi.py
index 8c3c722..5b72483 100644
--- a/oauth2_lib/fastapi.py
+++ b/oauth2_lib/fastapi.py
@@ -209,13 +209,13 @@ async def authenticate(self, request: HTTPConnection, token: Optional[str] = Non
 token_or_extracted_id_token = token
 else:
 request = cast(Request, request)
+ if await self.is_bypassable_request(request):
+ return None
 if token is None:
 extracted_id_token = await self.id_token_extractor.extract(request)
 if not extracted_id_token:
 return None
 token_or_extracted_id_token = extracted_id_token
- elif await self.is_bypassable_request(request):
- return None
 else:
 token_or_extracted_id_token = token
diff --git a/tests/test_fastapi.py b/tests/test_fastapi.py
index 737e289..a444d39 100644
--- a/tests/test_fastapi.py
+++ b/tests/test_fastapi.py
@@ -192,7 +192,6 @@ class OIDCAuthMock(OIDCAuth):
 async def is_bypassable_request(request: Request) -> bool:
 return True
- OIDCAuth.is_bypassable_request = staticmethod(lambda req: True)
 oidc_auth = OIDCAuthMock(
 "openid_url", "openid_url/.well-known/openid-configuration", "id", "secret", OIDCUserModel
 )
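Review bot: The `is_bypassable_request` check added at the top of the `else:` branch in `oauth2_lib/fastapi.py` now returns `None` before any token is extracted or inspected, so a bypassable request carrying an invalid or expired token is handled exactly like an anonymous one; that behaviour change is not stated anywhere next to the check. I would add a comment above it such as `# Bypass is evaluated first: bypassable requests skip authentication entirely, even when a token is supplied.` Every caller now receives `None` for these requests, so downstream authorization presumably has to treat `None` as unauthenticated rather than as allowed; that is not visible here and should be confirmed. The branch before the `else:` still assigns the token without this check, and `authenticate` starts and continues outside the hunk, so whether that asymmetry is intended cannot be judged from these lines.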