diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3061749..1e3aaf9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
+## Unreleased
+### Fixed
+- Add unauthorized_entity to authenticate_for's default for called by callback
+
 ## [2.1.1] - 2017-02-11
 ### Fixed
 - Stop trying to retrieve user from empty payload when no token is given
diff --git a/lib/knock/authenticable.rb b/lib/knock/authenticable.rb
index 96d8a43..f26e870 100644
--- a/lib/knock/authenticable.rb
+++ b/lib/knock/authenticable.rb
@@ -1,8 +1,12 @@
 module Knock::Authenticable
- def authenticate_for entity_class
+ def authenticate_for entity_class, by_callback: true
 getter_name = "current_#{entity_class.to_s.parameterize.underscore}"
 define_current_entity_getter(entity_class, getter_name)
- public_send(getter_name)
+ if by_callback
+ unauthorized_entity unless public_send(getter_name)
+ else
+ public_send(getter_name)
+ end
 end
 private
@@ -15,7 +19,7 @@ def method_missing(method, *args)
 prefix, entity_name = method.to_s.split('_', 2)
 case prefix
 when 'authenticate'
- unauthorized_entity(entity_name) unless authenticate_entity(entity_name)
+ unauthorized_entity unless authenticate_entity(entity_name)
 when 'current'
 authenticate_entity(entity_name)
 else
@@ -26,11 +30,11 @@ def method_missing(method, *args)
 def authenticate_entity(entity_name)
 if token
 entity_class = entity_name.camelize.constantize
- send(:authenticate_for, entity_class)
+ send(:authenticate_for, entity_class, by_callback: false)
 end
 end
- def unauthorized_entity(entity_name)
+ def unauthorized_entity
 head(:unauthorized)
 end
diff --git a/test/dummy/app/controllers/custom_unauthorized_entity_controller.rb b/test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
index 759a266..239fa45 100644
--- a/test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
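Review bot: In lib/knock/authenticable.rb, the new default `by_callback: true` changes what the public `authenticate_for` returns. On success the `unauthorized_entity unless public_send(getter_name)` branch evaluates to nil, and on failure it returns whatever `head` returns, so a caller outside this diff that treats the result as the authenticated entity or as a truthiness check now gets the opposite signal. Returning the entity in both modes keeps the old contract: `entity = public_send(getter_name)`, `unauthorized_entity if by_callback && !entity`, `entity`. A short comment on the method should also say that `by_callback: false` is the non-rendering lookup used by `authenticate_entity`.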
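Review bot: Dropping the parameter from `unauthorized_entity` breaks any host application that overrides it with the old one-argument signature; the definition is in the last hunk of lib/knock/authenticable.rb, and it is called in `authenticate_for` and `method_missing`. The zero-argument call would raise ArgumentError on the unauthenticated path, so such an app answers with a server error instead of its custom status. That fails closed, but the CHANGELOG lists the change under Fixed rather than as a breaking one. Either keep passing the entity name from both call sites, as in the removed `unauthorized_entity(entity_name) unless authenticate_entity(entity_name)`, or state the new signature in the changelog entry. The module continues outside these hunks.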
+++ b/test/dummy/app/controllers/custom_unauthorized_entity_controller.rb
@@ -7,7 +7,7 @@ def index
 private
- def unauthorized_entity(entity)
+ def unauthorized_entity
 head :not_found
 end
 end
diff --git a/test/dummy/test/controllers/v1/test_namespaced_controller_test.rb b/test/dummy/test/controllers/v1/test_namespaced_controller_test.rb
index 0ec77dd..f2e6d96 100644
--- a/test/dummy/test/controllers/v1/test_namespaced_controller_test.rb
+++ b/test/dummy/test/controllers/v1/test_namespaced_controller_test.rb
@@ -3,17 +3,25 @@
 module Knock
 class TestNamespacedControllerTest < ActionDispatch::IntegrationTest
-
 setup do
 @user = V1::User.first
+ @token = Knock::AuthToken.new(payload: { sub: @user.id }).token
 end
 test "allow namespaced models" do
- token = Knock::AuthToken.new(payload: { sub: @user.id }).token
- get v1_test_namespaced_index_url, headers: {'Authorization': "Bearer #{token}"}
+ get v1_test_namespaced_index_url, headers: {'Authorization': "Bearer #{@token}"}
 assert_response :ok
 assert_equal @user, @controller.current_v1_user
 end
+ test 'responds with unauthorized' do
+ get v1_test_namespaced_index_url
+ assert_response :unauthorized
+ end
+
+ test 'responds with unauthorized with invalid token in header' do
+ get v1_test_namespaced_index_url, headers: {'Authorization': 'Bearer invalid'}
+ assert_response :unauthorized
+ end
 end
 end
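Review bot: The two tests added in test_namespaced_controller_test.rb cover a missing header and a malformed token, but not a correctly signed token whose `sub` matches no `V1::User`. That is the case where the lookup itself has to come back empty and the request must still end in 401. A third test built like the setup token would pin it, e.g. `token = Knock::AuthToken.new(payload: { sub: -1 }).token` (constructed id) followed by `assert_response :unauthorized`. Which callback the namespaced controller registers is not visible here, so it is unclear whether these tests reach the new `by_callback: true` branch of `authenticate_for` or only the `method_missing` path. A controller test that registers `authenticate_for` directly in a `before_action` would settle that.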