diff --git a/fastapimsal/auth_routes.py b/fastapimsal/auth_routes.py
index c2acfb1..761bcc4 100644
--- a/fastapimsal/auth_routes.py
+++ b/fastapimsal/auth_routes.py
@@ -81,6 +81,10 @@ async def authorized(request: Request) -> RedirectResponse:
             request.session.pop("flow", None)
 
             # Just store the oid (https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens) in a signed cookie
+            if result.get("error"):
+                raise RuntimeError(
+                    f"{result.get('error')}: {result.get('error_description')}"
+                )
             oid = result.get("id_token_claims").get("oid")
             await f_save_cache(oid, cache)
             request.session["user"] = oid