diff --git a/components/server/src/auth/auth-provider-service.spec.db.ts b/components/server/src/auth/auth-provider-service.spec.db.ts index 4a13f5fbb755f7..f80d239d06f75b 100644 --- a/components/server/src/auth/auth-provider-service.spec.db.ts +++ b/components/server/src/auth/auth-provider-service.spec.db.ts @@ -5,7 +5,7 @@ */ import { TypeORM } from "@gitpod/gitpod-db/lib"; -import { Organization, User } from "@gitpod/gitpod-protocol"; +import { AuthProviderInfo, Organization, User } from "@gitpod/gitpod-protocol"; import { Experiments } from "@gitpod/gitpod-protocol/lib/experiments/configcat-server"; import * as chai from "chai"; import { Container } from "inversify"; @@ -25,6 +25,7 @@ const expect = chai.expect; describe("AuthProviderService", async () => { let service: AuthProviderService; + let userService: UserService; let container: Container; let owner: User; let org: Organization; @@ -94,13 +95,24 @@ describe("AuthProviderService", async () => { oauth: { ...expectedOrgEntry().oauth, clientSecret: "secret-123" }, }; + const addBuiltInProvider = (host: string = "github.com") => { + const config = container.get(Config); + config.builtinAuthProvidersConfigured = true; + // eslint-disable-next-line @typescript-eslint/no-unsafe-argument + config.authProviderConfigs.push((>{ + host, + id: "Public-GitHub", + verified: true, + }) as any); + }; + beforeEach(async () => { container = createTestContainer(); Experiments.configureTestingClient({ centralizedPermissions: true, }); service = container.get(AuthProviderService); - const userService = container.get(UserService); + userService = container.get(UserService); owner = await userService.createUser({ identity: { authId: "gh-user-1", 
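Review bot: `addBuiltInProvider` mutates the `Config` object taken from the container (`builtinAuthProvidersConfigured = true` plus a `push` onto `authProviderConfigs`), and nothing in the visible `beforeEach` undoes it. If `createTestContainer()` hands out a `Config` that is shared between containers, which this hunk does not show, the built-in entry would survive into later tests, and cases that rely on no built-in provider being configured would become order-dependent. Consider restoring both fields in an `afterEach`, or having the helper work on a per-test copy of the config. The helper also pins `id: "Public-GitHub"` whatever `host` is passed, so `addBuiltInProvider("localhost")` yields a mismatched id/host pair; an optional `id` parameter, or a comment such as `// id is arbitrary; only host matters for conflict detection`, would make the intent clear. The `beforeEach` body continues outside the hunk.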
@@ -130,12 +142,7 @@ describe("AuthProviderService", async () => { }); it("should fail in case of conflict with built-in provider", async () => { - const config = container.get(Config); - config.builtinAuthProvidersConfigured = true; - // eslint-disable-next-line @typescript-eslint/no-unsafe-argument - config.authProviderConfigs.push({ - host: "github.com", - } as any); + addBuiltInProvider(); const providersAtStart = await service.getAllAuthProviderParams(); expect(providersAtStart).to.be.empty; 
@@ -198,8 +205,68 @@ describe("AuthProviderService", async () => { const created = await service.createOrgAuthProvider(owner.id, newOrgEntry()); const retrieved = await service.getAuthProvider(owner.id, created.id); - console.log(JSON.stringify(retrieved)); expect(retrieved).to.deep.include(expectedOrgEntry()); }); + it("should find user-level provider", async () => { + const providersAtStart = await service.getAllAuthProviderParams(); + expect(providersAtStart).to.be.empty; + + const created = await service.createAuthProviderOfUser(owner.id, newEntry()); + + const retrieved = await service.getAuthProvider(owner.id, created.id); + expect(retrieved).to.deep.include(expectedEntry()); + }); + it("should not find org-level provider for non-members", async () => { + const providersAtStart = await service.getAllAuthProviderParams(); + expect(providersAtStart).to.be.empty; + + const created = await service.createOrgAuthProvider(owner.id, newOrgEntry()); + + const nonMember = await userService.createUser({ + identity: { + authId: "gh-user-2", + authName: "user2", + authProviderId: "public-github", + }, + }); + + // expecting 404, as Orgs shall not be enumerable to non-members + await expectError(ErrorCodes.NOT_FOUND, service.getAuthProvider(nonMember.id, created.id)); + }); + }); + + describe.only("getAuthProviderDescriptionsUnauthenticated", async () => { + it("should find built-in provider", async () => { + addBuiltInProvider(); + + const providers = await service.getAuthProviderDescriptionsUnauthenticated(); + expect(providers).to.has.lengthOf(1); + expect(providers[0].authProviderId).to.be.equal("Public-GitHub"); + }); + it("should find only built-in providers but no user-level providers", async () => { + addBuiltInProvider("localhost"); + + const created = await service.createAuthProviderOfUser(owner.id, newEntry()); + await service.markAsVerified({ userId: owner.id, id: created.id }); + + const providers = await service.getAuthProviderDescriptionsUnauthenticated(); + 
expect(providers).to.has.lengthOf(1); + expect(providers[0].host).to.be.equal("localhost"); + }); + it.only("should find user-level providers if no built-in providers present", async () => { + const created = await service.createAuthProviderOfUser(owner.id, newEntry()); + await service.markAsVerified({ userId: owner.id, id: created.id }); + + const providers = await service.getAuthProviderDescriptionsUnauthenticated(); + expect(providers).to.has.lengthOf(1); + expect(providers[0]).to.deep.include(>{ + authProviderId: created.id, + authProviderType: created.type, + host: created.host, + }); + + const oauthProperty: keyof AuthProviderEntry = "oauth"; + expect(providers[0]).to.not.haveOwnProperty(oauthProperty); + }); }); });
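Review bot: The new `describe.only("getAuthProviderDescriptionsUnauthenticated", …)` and the nested `it.only(…)` look like leftover debugging focus markers. With them in place Mocha runs only the focused case, so every other test in the run is silently skipped, including the non-member `NOT_FOUND` check and the two built-in-provider cases added in this same hunk. Change them to plain `describe(` and `it(`, and consider running Mocha with `--forbid-only` in CI so a focused test cannot be merged again. Separately, the "only built-in providers" case asserts just `host`. Also asserting that `providers[0].authProviderId` equals `"Public-GitHub"` and that the `oauth` property is absent would tie the result to the built-in entry and cover secret exposure on that path too.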