diff --git a/auth/auth.go b/auth/auth.go
index fdaaf7e..e238bbe 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -61,10 +61,10 @@ func (a *Auth) NewToken(userId UserId, deviceId DeviceId, scope AuthScope) (*Aut
 
 // NOTE - not stubbing methods of structs like this. more convoluted than it's worth right now
 func (at *AuthToken) ScopeValid(required AuthScope) bool {
-	// So far the only scope issued. Used to have more, didn't want to delete
-	// this feature yet in case we add more again. We'll delete it if it's of
-	// no use and ends up complicating anything.
-	return at.Scope == ScopeFull
+	// So far * is the only scope issued. Used to have more, didn't want to
+	// delete this feature yet in case we add more again. We'll delete it if it's
+	// of no use and ends up complicating anything.
+	return at.Scope == ScopeFull || at.Scope == required
 }
 
 func (p Password) Obfuscate() string {
diff --git a/auth/auth_test.go b/auth/auth_test.go
index 5b95b0e..10f2bfe 100644
--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@@ -6,7 +6,6 @@ import (
 
 // Test stubs for now
 
-
 func TestAuthNewTokenSuccess(t *testing.T) {
 	t.Fatalf("Test me: New token passes. Different scopes etc.")
 }
@@ -16,9 +15,24 @@ func TestAuthNewTokenFail(t *testing.T) {
 }
 
 func TestAuthScopeValid(t *testing.T) {
-	t.Fatalf("Test me: Scope Valid tests")
+	fullAuthToken := AuthToken{Scope: "*"}
+	if !fullAuthToken.ScopeValid("*") {
+		t.Fatalf("Expected * to be a valid scope for *")
+	}
+	if !fullAuthToken.ScopeValid("banana") {
+		t.Fatalf("Expected * to be a valid scope for banana")
+	}
+
+	bananaAuthToken := AuthToken{Scope: "banana"}
+	if !bananaAuthToken.ScopeValid("banana") {
+		t.Fatalf("Expected banana to be a valid scope for banana")
+	}
 }
 
 func TestAuthScopeInvalid(t *testing.T) {
-	t.Fatalf("Test me: Scope Invalid tests")
+	bananaAuthToken := AuthToken{Scope: "banana"}
+
+	if bananaAuthToken.ScopeValid("*") {
+		t.Fatalf("Expected banana to be an invalid scope for *")
+	}
 }
diff --git a/server/auth_test.go b/server/auth_test.go
index 5b02419..42ccdd0 100644
--- a/server/auth_test.go
+++ b/server/auth_test.go
@@ -156,4 +156,3 @@ func TestServerAuthHandlerErrors(t *testing.T) {
 func TestServerValidateAuthRequest(t *testing.T) {
 	t.Fatalf("Test me: Implement and test AuthRequest.validate()")
 }
-