diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
index c52fb137b2fa71ee954aad6aad3315e7327c5eb0..cb8037c957d823dc4948da540771467215ef7ca6 100644
--- a/uffd/oauth2/views.py
+++ b/uffd/oauth2/views.py
@@ -175,6 +175,8 @@ def authorize():
 	# Here we would normally ask the user, if he wants to give the requesting
 	# service access to his data. Since we only have trusted services (the
 	# clients defined in the server config), we don't ask for consent.
+	if not client.access_allowed(credentials['user']):
+		raise oauthlib.oauth2.rfc6749.errors.AccessDeniedError('User is not permitted to authenticate with this service.')
 	session['oauth2-clients'] = session.get('oauth2-clients', [])
 	if client.client_id not in session['oauth2-clients']:
 		session['oauth2-clients'].append(client.client_id)