diff --git a/authorizer/src/asapo_authorizer/server/authorize_test.go b/authorizer/src/asapo_authorizer/server/authorize_test.go
index 4085b1b5b473ebbae4a06998e73e509ddee12c9b..47958c961bdc8bf523d6bdb80a45db3a33441daf 100644
--- a/authorizer/src/asapo_authorizer/server/authorize_test.go
+++ b/authorizer/src/asapo_authorizer/server/authorize_test.go
@@ -14,9 +14,9 @@ import (
 	"testing"
 )
 
-func prepareToken(beamtime_or_beamline string) string{
+func prepareToken(payload string) string{
 	authHMAC = utils.NewHMACAuth("secret")
-	token, _ := authHMAC.GenerateToken(&beamtime_or_beamline)
+	token, _ := authHMAC.GenerateToken(&payload)
 	return token
 }
 
@@ -52,6 +52,19 @@ func doPostRequest(path string,buf string) *httptest.ResponseRecorder {
 	return w
 }
 
+
+func doGetRequest(path string,token string) *httptest.ResponseRecorder {
+	mux := utils.NewRouter(listRoutes)
+
+	req, _ := http.NewRequest("GET", path, nil)
+	req.Header.Add("Authorization", authHMAC.Name() + token)
+
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+	return w
+}
+
+
 var credTests = [] struct {
 	request string
 	cred SourceCredentials
diff --git a/authorizer/src/asapo_authorizer/server/issue_token_test.go b/authorizer/src/asapo_authorizer/server/issue_token_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..0f53297b4a3aa98691be8fec41b0f00334f207cc
--- /dev/null
+++ b/authorizer/src/asapo_authorizer/server/issue_token_test.go
@@ -0,0 +1,57 @@
+package server
+
+import (
+	"asapo_common/utils"
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"net/http"
+	"strconv"
+	"testing"
+	"time"
+)
+
+var  IssueTokenTests = [] struct {
+	beamtimeId string
+	beamline string
+	role string
+	validDays string
+	adminToken string
+	resToken string
+	status int
+	message string
+}{
+	{"test", "","read","180",prepareToken("admin"),"aaa",http.StatusOK,"read for beamtime"},
+	{"test", "","read","180",prepareToken("admin"),"aaa",http.StatusOK,"write for beamtime"},
+	{"", "test","read","180",prepareToken("admin"),"aaa",http.StatusOK,"read for beamline"},
+	{"test", "test","read","180",prepareToken("bla"),"",http.StatusBadRequest,"both beamline/beamtime given"},
+	{"", "","read","180",prepareToken("bla"),"",http.StatusBadRequest,"beamline or beamtime not given"},
+	{"test", "","bla","180",prepareToken("bla"),"",http.StatusBadRequest,"wrong role"},
+	{"test", "","read","aaa",prepareToken("bla"),"",http.StatusBadRequest,"wrong duration"},
+	{"test", "","read","180",prepareToken("bla"),"",http.StatusUnauthorized,"wrong admin token"},
+}
+
+func TestIssueToken(t *testing.T) {
+	for _, test := range IssueTokenTests {
+		authJWT = utils.NewJWTAuth("secret")
+		path := "/admin/issue"+"?beamtime="+test.beamtimeId+"&beamline="+test.beamline+"&valid="+test.validDays+"&role="+test.role
+		w := doGetRequest(path,test.adminToken)
+		if w.Code == http.StatusOK {
+			body, _ := ioutil.ReadAll(w.Body)
+			claims,_ := utils.CheckJWTToken(string(body),"secret")
+			cclaims,_:= claims.(*utils.CustomClaims)
+			var extra_claim utils.AccessTokenExtraClaim
+			utils.MapToStruct(claims.(*utils.CustomClaims).ExtraClaims.(map[string]interface{}), &extra_claim)
+			assert.Equal(t, cclaims.Subject , test.beamtimeId+test.beamline, test.message)
+			day,_:=strconv.Atoi(test.validDays)
+			assert.Equal(t, cclaims.Duration , time.Duration(24*day)*time.Hour, test.message)
+			assert.Equal(t, extra_claim.Role , test.role, test.message)
+		} else {
+			body, _ := ioutil.ReadAll(w.Body)
+			fmt.Println(string(body))
+		}
+
+		assert.Equal(t, test.status, w.Code, test.message)
+	}
+}
+
diff --git a/common/go/src/asapo_common/utils/authorization.go b/common/go/src/asapo_common/utils/authorization.go
index aac273c5a213b2fd79abe03a55e025a37c666523..cbb4f2259f8485331d16f7e2529cf886013bdf68 100644
--- a/common/go/src/asapo_common/utils/authorization.go
+++ b/common/go/src/asapo_common/utils/authorization.go
@@ -184,7 +184,7 @@ func NewHMACAuth(key string) *HMACAuth {
 }
 
 func (a *HMACAuth) Name() string {
-	return "Bearer"
+	return "HMAC-SHA-256"
 }
 
 
@@ -209,6 +209,7 @@ func (h HMACAuth) GenerateToken(val ...interface{}) (string, error) {
 	return sha, nil
 }
 
+// not used
 func ProcessHMACAuth(fn http.HandlerFunc, key string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
@@ -222,7 +223,7 @@ func ProcessHMACAuth(fn http.HandlerFunc, key string) http.HandlerFunc {
 		value := "beamline"
 		if authType == "HMAC-SHA-256" {
 			if !CheckHMACToken(value, token, key) {
-				http.Error(w, "Internal authorization error - tocken does not match", http.StatusUnauthorized)
+				http.Error(w, "Internal authorization error - token does not match", http.StatusUnauthorized)
 				return
 			}
 		} else {
diff --git a/common/go/src/asapo_common/utils/structs.go b/common/go/src/asapo_common/utils/structs.go
index 37f7a1f567f2f39b8ff953d8796a19d1e6e8f1bc..e758e6aede6f57affa937ee0bb25240df7beeff0 100644
--- a/common/go/src/asapo_common/utils/structs.go
+++ b/common/go/src/asapo_common/utils/structs.go
@@ -3,3 +3,7 @@ package utils
 type FolderTokenTokenExtraClaim struct {
 	RootFolder string
 }
+
+type AccessTokenExtraClaim struct {
+	Role string
+}