diff --git a/module_build_service/auth.py b/module_build_service/auth.py
index 9c9e2762..43691e2c 100644
--- a/module_build_service/auth.py
+++ b/module_build_service/auth.py
@@ -109,7 +109,7 @@ def get_user(request):
 raise Unauthorized("OIDC token invalid or expired.")
 if not "OIDC_REQUIRED_SCOPE" in app.config:
- raise Unauthorized("OIDC_REQUIRED_SCOPE must be set in server config.")
+ raise Forbidden("OIDC_REQUIRED_SCOPE must be set in server config.")
 presented_scopes = data['scope'].split(' ')
 required_scopes = [
@@ -119,7 +119,7 @@ def get_user(request):
 ]
 for scope in required_scopes:
 if scope not in presented_scopes:
- raise Forbidden("Required OIDC scope %r not present: %r" % (
+ raise Unauthorized("Required OIDC scope %r not present: %r" % (
 scope, presented_scopes))
 try:
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 12a9184f..2c562cba 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -109,7 +109,7 @@ class TestAuthModule(unittest.TestCase):
 @patch('module_build_service.auth.client_secrets', None)
 def test_misconfiguring_oidc_client_secrets_should_be_failed(self):
 request = mock.MagicMock()
- with self.assertRaises(module_build_service.errors.Unauthorized) as cm:
+ with self.assertRaises(module_build_service.errors.Forbidden) as cm:
 module_build_service.auth.get_user(request)
 self.assertEquals(str(cm.exception),
@@ -165,7 +165,7 @@ class TestAuthModule(unittest.TestCase):
 request.headers.__setitem__.side_effect = headers.__setitem__
 request.headers.__contains__.side_effect = headers.__contains__
- with self.assertRaises(module_build_service.errors.Unauthorized) as cm:
+ with self.assertRaises(module_build_service.errors.Forbidden) as cm:
 result = module_build_service.auth.get_user(request)
 self.assertEquals(str(cm.exception),
diff --git a/tests/test_build/test_build.py b/tests/test_build/test_build.py
index 464796aa..154830f6 100644
--- a/tests/test_build/test_build.py
+++ b/tests/test_build/test_build.py
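Review bot: In the first hunk of module_build_service/auth.py, a missing `OIDC_REQUIRED_SCOPE` is a deployment fault rather than a property of the caller, so raising `Forbidden` tells a client holding a valid token that it lacks permission when no client could succeed. Consider validating the setting once at application start-up, or raising a server-side error type here and logging the detail, so the configuration key name is not handed back in what appears to be the response message. The context line would also read better as `if "OIDC_REQUIRED_SCOPE" not in app.config:`. get_user starts and ends outside the hunk.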
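Review bot: In the second hunk of module_build_service/auth.py, a token that already passed the "invalid or expired" check but lacks a required scope now raises `Unauthorized`. RFC 6750 section 3.1 maps `insufficient_scope` to 403, and a 401 prompts OAuth clients to re-authenticate, which cannot help when the scope was never granted. Unless the swap is deliberate, keep `raise Forbidden("Required OIDC scope %r not present: %r" % (` on this path and reserve `Unauthorized` for the token-validity failure above it. A short comment such as `# token is valid but under-scoped: authorization failure, not authentication` would record the distinction.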
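Review bot: In tests/test_auth.py, `test_misconfiguring_oidc_client_secrets_should_be_failed` now expects `Forbidden`, but neither auth.py hunk in this diff touches the `client_secrets` check, so the expectation only holds if get_user already raises `Forbidden` on that path; worth confirming the test passes. No visible test hunk covers the missing-scope path, whose exception type this commit changes to `Unauthorized`. A case that presents a token without the required scope and asserts the raised type would pin that behaviour. Both test bodies continue past the end of their hunks.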
@@ -310,7 +310,7 @@ class TestBuild(unittest.TestCase):
 with patch("module_build_service.config.Config.yaml_submit_allowed",
 new_callable=PropertyMock, return_value = False):
 data = submit()
- self.assertEqual(data['status'], 401)
+ self.assertEqual(data['status'], 403)
 self.assertEqual(data['message'], 'YAML submission is not enabled')
 @timed(30)
diff --git a/tests/test_views/test_views.py b/tests/test_views/test_views.py
index 7d911005..2b01b991 100644
--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
@@ -389,8 +389,8 @@ class TestViews(unittest.TestCase):
 data = json.loads(rv.data)
 self.assertEquals(data['message'], 'The submitted scmurl '
 'git://badurl.com is not allowed')
- self.assertEquals(data['status'], 401)
- self.assertEquals(data['error'], 'Unauthorized')
+ self.assertEquals(data['status'], 403)
+ self.assertEquals(data['error'], 'Forbidden')
 @patch('module_build_service.auth.get_user', return_value=user)
 def test_submit_build_scm_url_without_hash(self, mocked_get_user):
@@ -401,8 +401,8 @@ class TestViews(unittest.TestCase):
 self.assertEquals(data['message'], 'The submitted scmurl '
 'git://pkgs.stg.fedoraproject.org/modules/testmodule.git '
 'is not valid')
- self.assertEquals(data['status'], 401)
- self.assertEquals(data['error'], 'Unauthorized')
+ self.assertEquals(data['status'], 403)
+ self.assertEquals(data['error'], 'Forbidden')
 @patch('module_build_service.auth.get_user', return_value=user)
 @patch('module_build_service.scm.SCM')
@@ -521,8 +521,8 @@ class TestViews(unittest.TestCase):
 'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49'}))
 data = json.loads(rv.data)
- self.assertEquals(data['status'], 401)
- self.assertEquals(data['error'], 'Unauthorized')
+ self.assertEquals(data['status'], 403)
+ self.assertEquals(data['error'], 'Forbidden')
 @patch('module_build_service.auth.get_user', return_value=other_user)
 def test_cancel_build(self, mocked_get_user):
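Review bot: The rewritten assertions in tests/test_views/test_views.py (hunk at -389) keep `assertEquals`, a deprecated unittest alias that Python 3.12 removed, while tests/test_build/test_build.py in this same commit already uses `assertEqual`. Since these lines are being touched anyway, write `self.assertEqual(data['status'], 403)` and `self.assertEqual(data['error'], 'Forbidden')`. The same applies to the hunks at -401, -521, -539 and -577.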
@@ -539,8 +539,8 @@ class TestViews(unittest.TestCase):
 data=json.dumps({'state': 'failed'}))
 data = json.loads(rv.data)
- self.assertEquals(data['status'], 401)
- self.assertEquals(data['error'], 'Unauthorized')
+ self.assertEquals(data['status'], 403)
+ self.assertEquals(data['error'], 'Forbidden')
 @patch('module_build_service.auth.get_user', return_value=other_user)
 def test_cancel_build_wrong_param(self, mocked_get_user):
@@ -577,8 +577,8 @@ class TestViews(unittest.TestCase):
 "The submitted scmurl {} is not valid".format(scmurl),
 )
 )
- self.assertEquals(data['status'], 401)
- self.assertEquals(data['error'], 'Unauthorized')
+ self.assertEquals(data['status'], 403)
+ self.assertEquals(data['error'], 'Forbidden')
 @patch('module_build_service.auth.get_user', return_value=user)
 @patch('module_build_service.scm.SCM')