diff --git a/internal/supervisor/server/server.go b/internal/supervisor/server/server.go
index 5018038f..153869b0 100644
--- a/internal/supervisor/server/server.go
+++ b/internal/supervisor/server/server.go
@@ -441,7 +441,7 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
 	dynamicUpstreamIDPProvider := dynamicupstreamprovider.NewDynamicUpstreamIDPProvider()
 	secretCache := secret.Cache{}
 
-	// OIDC endpoints will be served by the oidProvidersManager, and any non-OIDC paths will fallback to the healthMux.
+	// OIDC endpoints will be served by the endpoints manager, and any non-OIDC paths will fallback to the healthMux.
 	oidProvidersManager := endpointsmanager.NewManager(
 		healthMux,
 		dynamicJWKSProvider,
diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go
index 393d67a1..3bfd780d 100644
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@@ -2547,6 +2547,8 @@ func makeAuthorizationRequestAndRequireSecurityHeaders(ctx context.Context, t *t
 		t.Logf("makeAuthorizationRequestAndRequireSecurityHeaders authorization response: %#v", authorizeResp)
 		t.Logf("makeAuthorizationRequestAndRequireSecurityHeaders authorization response body: %q", body)
 	}
+	require.Less(t, authorizeResp.StatusCode, 400,
+		"expected a successful authorize response, but got a response status indicating an error (see log above)")
 	expectSecurityHeaders(t, authorizeResp, false)
 }