diff --git a/middleware/auth.js b/middleware/auth.js
index c6a1d51f..7fa4c532 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -5,7 +5,7 @@ const createError = require('http-errors');
 const debug = require('../lib/debug');
 const { get: getConfig } = require('../lib/config');
 const { get: getClient } = require('../lib/client');
-const requiresAuth = require('./requiresAuth');
+const { requiresAuth } = require('./requiresAuth');
 const TransientCookieHandler = require('../lib/transientHandler');
 const { RequestContext, ResponseContext } = require('../lib/context');
 const appSession = require('../lib/appSession');
diff --git a/test/login.tests.js b/test/login.tests.js
index 47c035c4..b5b36231 100644
--- a/test/login.tests.js
+++ b/test/login.tests.js
@@ -96,6 +96,20 @@ describe('auth', () => {
     assert.equal(getCookieFromResponse(res, 'state'), parsed.query.state);
   });
 
+  it('should redirect to the authorize url for any route if authRequired', async () => {
+    server = await createServer(
+      auth({
+        ...defaultConfig,
+        authRequired: true,
+      })
+    );
+    const res = await request.get('/session', {
+      baseUrl,
+      followRedirect: false,
+    });
+    assert.equal(res.statusCode, 302);
+  });
+
   it('should redirect to the authorize url for /login in code flow', async () => {
     server = await createServer(
       auth({