diff --git a/Makefile b/Makefile
index 172c70dc29..e33fc54884 100644
--- a/Makefile
+++ b/Makefile
@@ -255,6 +255,7 @@ SPEC_HELPER_MIN_SPECS = \
 	spec/models/carto/mobile_app_presenter_spec.rb \
 	spec/models/carto/notification_spec.rb \
 	spec/models/carto/oauth_app_spec.rb \
+	spec/models/carto/oauth_app_user_spec.rb \
 	spec/models/carto/overlay_spec.rb \
 	spec/models/carto/rate_limit_spec.rb \
 	spec/models/carto/received_notification_spec.rb \
diff --git a/spec/factories/oauth_apps.rb b/spec/factories/oauth_apps.rb
new file mode 100644
index 0000000000..3414617584
--- /dev/null
+++ b/spec/factories/oauth_apps.rb
@@ -0,0 +1,8 @@
+require_relative '../../app/models/carto/widget'
+
+FactoryGirl.define do
+  factory :oauth_app, class: Carto::OauthApp do
+    name { unique_name('Oauth application') }
+    redirect_urls ['https://redirect.uri']
+  end
+end
diff --git a/spec/models/carto/oauth_app_user_spec.rb b/spec/models/carto/oauth_app_user_spec.rb
new file mode 100644
index 0000000000..f7833d137d
--- /dev/null
+++ b/spec/models/carto/oauth_app_user_spec.rb
@@ -0,0 +1,57 @@
+# encoding: utf-8
+
+require 'spec_helper_min'
+
+module Carto
+  describe OauthAppUser do
+    describe '#validation' do
+      before(:all) do
+        @user = FactoryGirl.build(:carto_user)
+        @app = FactoryGirl.build(:oauth_app)
+        @api_key = FactoryGirl.build(:master_api_key, user: @user)
+      end
+
+      it 'requires user' do
+        app_user = OauthAppUser.new
+        expect(app_user).to_not(be_valid)
+        expect(app_user.errors[:user]).to(include("can't be blank"))
+      end
+
+      it 'requires oauth app_user' do
+        app_user = OauthAppUser.new
+        expect(app_user).to_not(be_valid)
+        expect(app_user.errors[:oauth_app]).to(include("can't be blank"))
+      end
+
+      it 'requires code or api_key' do
+        app_user = OauthAppUser.new
+        expect(app_user).to_not(be_valid)
+        expect(app_user.errors[:api_key]).to(include("must be present if code is missing"))
+
+        app_user.code = ''
+        expect(app_user).to_not(be_valid)
+        expect(app_user.errors[:api_key]).to(include("must be present if code is missing"))
+      end
+
+      it 'requires code and redirection_url to be present at the same time' do
+        app_user = OauthAppUser.new(code: 'code')
+        expect(app_user).to_not(be_valid)
+        expect(app_user.errors[:redirect_url]).to(include("must be present if code is"))
+
+        app_user = OauthAppUser.new(redirect_url: 'something')
+        expect(app_user).to_not(be_valid)
+        expect(app_user.errors[:code]).to(include("must be present if redirect_url is"))
+      end
+
+      it 'validates with api_key' do
+        app_user = OauthAppUser.new(user: @user, oauth_app: @app, api_key: @api_key)
+        expect(app_user).to(be_valid)
+      end
+
+      it 'validates with code' do
+        app_user = OauthAppUser.new(user: @user, oauth_app: @app, code: 'wadus', redirect_url: 'what')
+        expect(app_user).to(be_valid)
+      end
+    end
+  end
+end