diff --git a/src/mk/auth.lua b/src/mk/auth.lua
index faa3be0..19df642 100644
--- a/src/mk/auth.lua
+++ b/src/mk/auth.lua
@@ -83,12 +83,23 @@ function methods:provider()
 end
 local expires = (data.persistent and (os.time() + self.expiration)) or nil
 local user, message = self:login(data.username, data.password)
+ local redirect_or_json = function (url)
+ if url then
+ return res:redirect(url)
+ else
+ res:content_type("application/json")
+ res:write(json.encode{ user = user,
+ message = message,
+ expires = expires })
+ return res:finish()
+ end
+ end
 if user then
 res:set_cookie(self.cookie_name, { value = message, expires = expires })
- return res:redirect(data.success)
+ return redirect_or_json(data.success)
 else
 res:delete_cookie(self.cookie_name)
- return res:redirect(data.failure .. "?message=" .. util.url_encode(message))
+ return redirect_or_json(data.failure and data.failure .. "?message=" .. util.url_encode(message))
 end
 end
 end
diff --git a/test/test_auth.lua b/test/test_auth.lua
index 176d86a..3bc835a 100644
--- a/test/test_auth.lua
+++ b/test/test_auth.lua
@@ -121,6 +121,22 @@ do
 assert(user == "mascarenhas")
 end
 
+do
+ -- successful login with json data, json response
+ local a = auth.new{ login = login, login_salt = login_salt,
+ session_salt = session_salt }
+ local env = util.make_env_post("json=" .. json.encode({ username = "mascarenhas",
+ password = "foobar" }))
+ local status, headers, res = a:provider()(env)
+ assert(status == 200)
+ local res = json.decode(res())
+ local cookie = util.url_decode(headers["Set-Cookie"]:match("mk_auth_user=(.+)"))
+ local user, message = a:authenticate(cookie)
+ assert(user == "mascarenhas")
+ assert(res.user == user)
+ assert(a:authenticate(res.message) == user)
+end
+
 do
 -- successful login with json data, change cookie name
 local a = auth.new{ login = login, login_salt = login_salt,
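Review bot: In `src/mk/auth.lua`, the JSON branch of `redirect_or_json` writes `message` into the response body, and on a successful login `message` is the same value stored in the session cookie by `res:set_cookie(self.cookie_name, { value = message, expires = expires })`, so the session token becomes readable by any script or intermediary that can see the body. If API clients need the token there, mark the response uncacheable (`Cache-Control: no-store`) and add a comment such as `-- on success, message is the session token; body must not be cached or logged`; otherwise drop `message` from the success payload and rely on the cookie. The helper also passes `data.success` / `data.failure` to `res:redirect` unchanged, and those appear to come from the same request data as the credentials, so an allow-list or same-origin check on the target belongs in this helper. The body of `methods:provider()` starts above the hunk, so how `data` is parsed is not visible here.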
@@ -168,6 +184,20 @@ do
 assert(headers["Set-Cookie"]:match("mk_auth_user=xxx"))
 end
 
+do
+ -- bad login with json data, wrong password, json response
+ local a = auth.new{ login = login, login_salt = login_salt,
+ session_salt = session_salt }
+ local env = util.make_env_post("json=" .. json.encode({ username = "mascarenhas",
+ password = "foo" }))
+ local status, headers, res = a:provider()(env)
+ assert(status == 200)
+ assert(headers["Set-Cookie"]:match("mk_auth_user=xxx"))
+ local res = json.decode(res())
+ assert(not res.user)
+ assert(res.message == "invalid password")
+end
+
 do
 -- bad login with json data, unknown user
 local a = auth.new{ login = login, login_salt = login_salt,
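Review bot: `assert(status == 200)` pins a rejected login to HTTP 200, so clients, rate limiters and log-based detection that key on the status code cannot tell a failed attempt from a successful one without parsing the body; a 401 on the JSON failure path would be easier to monitor. The test also fixes `res.message == "invalid password"` as client-visible text, and if the unknown-user case covered by the next test (its body is outside this hunk) returns a different message, the response distinguishes existing from non-existing usernames. A single generic failure message for both cases avoids that.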