diff --git a/libsql-server/src/auth/parsers.rs b/libsql-server/src/auth/parsers.rs
index 0118bb0d69..ca4e7b9734 100644
--- a/libsql-server/src/auth/parsers.rs
+++ b/libsql-server/src/auth/parsers.rs
@@ -42,7 +42,7 @@ pub(crate) fn parse_grpc_auth_header(
     return metadata
         .get(GRPC_AUTH_HEADER)
         .ok_or(AuthError::AuthHeaderNotFound)
-        .and_then(|h| h.to_str().map_err(|_| AuthError::AuthHeaderNonAscii)) // this never happens, guaranteed at type level
+        .and_then(|h| h.to_str().map_err(|_| AuthError::AuthHeaderNonAscii))
         .and_then(|t| UserAuthContext::from_auth_str(t))
         .map_err(|e| {
             tonic::Status::new(
@@ -103,6 +103,17 @@ mod tests {
         );
     }
 
+    #[test]
+    fn parse_grpc_auth_header_error_non_ascii() {
+        let mut map = tonic::metadata::MetadataMap::new();
+        map.insert("x-authorization", "bearer I❤NY".parse().unwrap());
+        let result = parse_grpc_auth_header(&map);
+        assert_eq!(
+            result.unwrap_err().message(),
+            "Failed parse grpc auth: Non-ASCII auth header"
+        )
+    }
+
     #[test]
     fn parse_grpc_auth_header_error_malformed_auth_str() {
         let mut map = tonic::metadata::MetadataMap::new();