diff --git a/lib/OpenQA/WebAPI/Auth/OpenID.pm b/lib/OpenQA/WebAPI/Auth/OpenID.pm
index 0c80e02f432..bcd47cac487 100644
--- a/lib/OpenQA/WebAPI/Auth/OpenID.pm
+++ b/lib/OpenQA/WebAPI/Auth/OpenID.pm
@@ -4,7 +4,7 @@
 package OpenQA::WebAPI::Auth::OpenID;
 use Mojo::Base -base, -signatures;
 
-use OpenQA::Log qw(log_error log_warning);
+use OpenQA::Log qw(log_error log_warning log_debug);
 use LWP::UserAgent;
 use Net::OpenID::Consumer;
 use MIME::Base64 qw(encode_base64url decode_base64url);
@@ -112,17 +112,19 @@ sub auth_response ($c) {
             my $txt
               = 'Likely, OpenID message is not considered a valid object. It is missing, at least, "openqa.mode" value';
             log_warning("Invalid OpenID provided. $txt");
+            $c->flash(error => "Invalid OpenID provided: $txt");
         },
         setup_needed => sub ($setup_url) {
             # Redirect the user to $setup_url
             $setup_url = URI::Escape::uri_unescape($setup_url);
-            $c->app->log->debug(qq{setup_url[$setup_url]});
+            log_debug(qq{setup_url[$setup_url]});
 
             return (redirect => $setup_url, error => 0);
         },
-        cancelled => sub () { },    # Do something appropriate when the user hits "cancel" at the OP
-        verified => sub ($vident) { _handle_verified($c, $vident) },
-        error => sub (@args) { $err_handler->(@args) },
+        # Do something appropriate when the user hits "cancel" at the OP
+        cancelled => sub () { },    # uncoverable statement
+        verified => sub ($vident) { _handle_verified($c, $vident) },    # uncoverable statement
+        error => sub (@args) { $err_handler->(@args) },    # uncoverable statement
     );
 
     return (redirect => decode_base64url($csr->args('return_page'), error => 0)) if $csr->args('return_page');
diff --git a/t/03-auth-openid.t b/t/03-auth-openid.t
index 12c16c28706..b71f00d6eb8 100644
--- a/t/03-auth-openid.t
+++ b/t/03-auth-openid.t
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: GPL-2.0-or-later
 
 use Test::Most;
+use Mojo::Base -signatures;
 use Test::Output;
 use Test::Warnings ':report_warnings';
 use Test::MockModule;
@@ -26,7 +27,6 @@ $c->set_always(session => \%session);
 ok OpenQA::WebAPI::Auth::OpenID::_handle_verified($c, $vident), 'can call _handle_verified';
 $users->called_ok('create_user', 'new user is created for initial login');
 is(($users->call_args(2))[1], 'mordred', 'new user created with details');
-
 $c->set_always(
     req => Test::MockObject->new->set_always(params => Test::MockObject->new->set_always(pairs => [1, 2]))
       ->set_always(url => Test::MockObject->new->set_always(base => 'openqa')))
@@ -38,4 +38,18 @@ stderr_like {
 }
 qr/Invalid OpenID/, 'warning about invalid OpenID is displayed';
 
+my $mock_openid_consumer = Test::MockModule->new('Net::OpenID::Consumer');
+$mock_openid_consumer->redefine(
+    'handle_server_response',
+    sub ($self, %res_handlers) {
+        return $res_handlers{setup_needed} ?
+            $res_handlers{setup_needed}->("https://www.opensuse.org/openid/setup") : undef;
+    });
+
+stdout_like {
+    my $ret = OpenQA::WebAPI::Auth::OpenID::auth_response($c);
+    is_deeply($ret, 0, 'can handle setup_needed response');
+}
+qr/setup_url\[https:\/\/www.opensuse.org\/openid\/setup\]/, 'debug log is displayed when setup_needed';
+
 done_testing;