diff --git a/Gemfile b/Gemfile
index 8566188a1..c232b802c 100755
--- a/Gemfile
+++ b/Gemfile
@@ -24,12 +24,13 @@ gem "webpack-rails"
 # Active on the "official" FarmBot server, set the appropriate ENV
 # vars if you wish to use them on your own servers.
 gem "rollbar"
-gem "skylight"
+gem "skylight", "1.4.0"
 
 group :development, :test do
   gem "codecov", require: false
   gem "database_cleaner"
   gem "pry"
+  gem "pry-rails"
   gem "factory_girl_rails"
   gem "faker"
   gem "smarf_doc", git: "https://github.com/RickCarlino/smarf_doc.git"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4d1cd9e37..4ec0478bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -156,6 +156,8 @@ GEM
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
+    pry-rails (0.3.6)
+      pry (>= 0.10.4)
     public_suffix (3.0.0)
     rack (2.0.3)
     rack-attack (5.0.1)
@@ -229,7 +231,7 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    skylight (1.3.1)
+    skylight (1.4.0)
       activesupport (>= 3.0.0)
     slop (3.6.0)
     sprockets (3.7.1)
@@ -278,6 +280,7 @@ DEPENDENCIES
   pg
   polymorphic_constraints
   pry
+  pry-rails
   rack-attack
   rack-cors
   rails
@@ -287,7 +290,7 @@ DEPENDENCIES
   rspec (~> 3.5.0)
   rspec-rails (~> 3.5.0)
   simplecov
-  skylight
+  skylight (= 1.4.0)
   smarf_doc!
   thin
   tzinfo
diff --git a/spec/mutations/auth/create_token_from_credentials_spec.rb b/spec/mutations/auth/create_token_from_credentials_spec.rb
index 88ba0a7d5..786b2aa94 100644
--- a/spec/mutations/auth/create_token_from_credentials_spec.rb
+++ b/spec/mutations/auth/create_token_from_credentials_spec.rb
@@ -3,10 +3,28 @@ require 'spec_helper'
 describe Auth::FromJWT do
   let(:user)  { FactoryGirl.create(:user) }
 
-  it 'gets user from jwt' do
+
+  def fake_credentials(email, password)
+    # Input -> JSONify -> encrypt -> Base64ify
+    secret = { email: email, password: password }.to_json
+    ct     = KeyGen.current.public_encrypt(secret)
+    return Base64.encode64(ct)
+  end
+
+  it 'rejects bad credentials' do
     results = Auth::CreateTokenFromCredentials.run(credentials: "FOO" )
     expect(results.success?).to eq(false)
     expect(results.errors.message_list)
       .to include(Auth::CreateTokenFromCredentials::BAD_KEY)
   end
+
+  it 'accepts good credentials' do
+    pw      = "password123"
+    user    = FactoryGirl.create(:user, password: pw)
+    email   = user.email
+    creds   = fake_credentials(email, pw)
+    results = Auth::CreateTokenFromCredentials.run!(credentials: creds)
+    expect(results[:token]).to be_kind_of(SessionToken)
+    expect(results[:user]).to eq(user)
+  end
 end