diff --git a/test/test_endpoints.py b/test/test_endpoints.py
index 6109350d8..461ec8ad2 100644
--- a/test/test_endpoints.py
+++ b/test/test_endpoints.py
@@ -95,7 +95,9 @@ class EndpointTestCase(unittest.TestCase):
       url = EndpointTestCase._add_csrf(url)
 
     rv = self.app.post(url, headers=headers, data=form)
-    self.assertEquals(rv.status_code, expected_code)
+    if expected_code is not None:
+      self.assertEquals(rv.status_code, expected_code)
+
     return rv
 
   def login(self, username, password):
@@ -330,7 +332,17 @@ class OAuthTestCase(EndpointTestCase):
     # Try without the client id being in the whitelist a few times, making sure we eventually get rate limited.
     headers = dict(authorization='Basic ' + base64.b64encode('devtable:invalidpassword'))
     self.postResponse('web.authorize_application', headers=headers, form=form, with_csrf=False, expected_code=401)
-    self.postResponse('web.authorize_application', headers=headers, form=form, with_csrf=False, expected_code=429)
+
+    counter = 0
+    while True:
+      r = self.postResponse('web.authorize_application', headers=headers, form=form, with_csrf=False, expected_code=None)
+      self.assertNotEquals(200, r.status_code)
+      counter = counter + 1
+      if counter > 5:
+        self.fail('Exponential backoff did not fire')
+
+      if r.status_code == 429:
+        break
 
 
 class KeyServerTestCase(EndpointTestCase):