diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc74..5d6128b1c 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -600,7 +600,7 @@ func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request) {
 		if p.SkipProviderButton {
 			p.OAuthStart(rw, req)
 		} else {
-			p.SignInPage(rw, req, http.StatusForbidden)
+			p.SignInPage(rw, req, http.StatusUnauthorized)
 		}
 	} else {
 		p.serveMux.ServeHTTP(rw, req)
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 1e6b3140d..d1e04b460 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -400,7 +400,7 @@ func TestSignInPageIncludesTargetRedirect(t *testing.T) {
 	const endpoint = "/some/random/endpoint"
 
 	code, body := sip_test.GetEndpoint(endpoint)
-	assert.Equal(t, 403, code)
+	assert.Equal(t, 401, code)
 
 	match := sip_test.sign_in_regexp.FindStringSubmatch(body)
 	if match == nil {