diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
index 2c8accbeb..e32a74292 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
@@ -38,6 +38,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -975,6 +976,53 @@ public void idTokenWithAudience_iamFlow_targetAudienceDoesNotMatchAudClaim() thr tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudience()); } + @Test + public void idTokenWithAudience_oauthEndpoint_non2XXStatusCode() throws IOException { + MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); + transportFactory.transport.setError(new IOException("404 Not Found")); + ServiceAccountCredentials credentials = + createDefaultBuilder().setScopes(SCOPES).setHttpTransportFactory(transportFactory).build(); + + String targetAudience = "audience"; + IdTokenCredentials tokenCredential = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); + + // Ensure that a non 2xx status code returns an exception and doesn't continue execution + assertThrows(IOException.class, tokenCredential::refresh); + } + + @Test + public void idTokenWithAudience_iamEndpoint_non2XXStatusCode() throws IOException { + String universeDomain = "test.com"; + MockIAMCredentialsServiceTransportFactory transportFactory = + new MockIAMCredentialsServiceTransportFactory(universeDomain); + transportFactory.getTransport().setTargetPrincipal(CLIENT_EMAIL); + transportFactory.getTransport().setIdToken(DEFAULT_ID_TOKEN); + transportFactory + .getTransport() + .addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_NOT_FOUND, "Not Found"); + ServiceAccountCredentials credentials = + createDefaultBuilder() + .setScopes(SCOPES) + .setHttpTransportFactory(transportFactory) + .setUniverseDomain(universeDomain) + .build(); + + String targetAudience = "audience"; + IdTokenCredentials tokenCredential = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); + + // Ensure that a non 2xx status code returns an exception and doesn't continue execution + // Non 2xx status codes will be returned as HttpResponseException + 
assertThrows(IOException.class, tokenCredential::refresh); + } + @Test public void getScopes_nullReturnsEmpty() throws IOException { ServiceAccountCredentials credentials = createDefaultBuilder().build(); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java index 27cd44b37..254e6f550 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java @@ -37,6 +37,7 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertSame; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -813,6 +814,21 @@ public void IdTokenCredentials_NoRetry_RetryableStatus_throws() throws IOExcepti } } + @Test + public void idTokenWithAudience_non2xxError() throws IOException { + MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); + transportFactory.transport.setError(new IOException("404 Not Found")); + String refreshToken = MockTokenServerTransport.REFRESH_TOKEN_WITH_USER_SCOPE; + InputStream userStream = writeUserStream(CLIENT_ID, CLIENT_SECRET, refreshToken, QUOTA_PROJECT); + + UserCredentials credentials = UserCredentials.fromStream(userStream, transportFactory); + + IdTokenCredentials tokenCredential = + IdTokenCredentials.newBuilder().setIdTokenProvider(credentials).build(); + + assertThrows(GoogleAuthException.class, tokenCredential::refresh); + } + @Test public void refreshAccessToken_4xx_5xx_NonRetryableFails() throws IOException { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
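Review bot: `idTokenWithAudience_oauthEndpoint_non2XXStatusCode` does not appear to exercise a non-2xx response: `transportFactory.transport.setError(new IOException("404 Not Found"))` injects an exception at the mock transport, so the test most likely shows only that a transport failure propagates, not that the credential fails closed when the token endpoint answers with an error status. If the mock token transport cannot return a real status code the way the IAM test does with `addStatusCodeAndMessage`, the test name and comment should say what is simulated, e.g. `// Simulates the token request failing with an IOException; refresh must not yield an ID token`. In both tests `assertThrows(IOException.class, ...)` passes on any I/O failure, including a mis-configured mock, and the IAM test's own comment names the narrower `HttpResponseException`; capturing the result with `IOException e = assertThrows(IOException.class, tokenCredential::refresh);`, asserting on its message or status, and adding `assertNull(tokenCredential.getIdToken());` would pin the fail-closed behaviour. The same `setError` pattern is used by `idTokenWithAudience_non2xxError` in the UserCredentialsTest.java hunk.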
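Review bot: `idTokenWithAudience_non2xxError` never sets an audience, since the builder call is `IdTokenCredentials.newBuilder().setIdTokenProvider(credentials).build()`, so the name does not match what is tested; either add `.setTargetAudience(...)` as the ServiceAccountCredentials tests do or rename the test. It also expects `GoogleAuthException` where the sibling tests expect `IOException`, with no comment saying why. A line such as `// UserCredentials surfaces token endpoint failures as GoogleAuthException` would make the intent reviewable, though that wording needs confirming against the implementation, which is outside this hunk. `userStream` is never closed; wrapping `writeUserStream(...)` in try-with-resources would keep the test tidy.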