diff --git a/src/utils/auth.jl b/src/utils/auth.jl
index 15e3c92..3fa6744 100644
--- a/src/utils/auth.jl
+++ b/src/utils/auth.jl
@@ -7,6 +7,13 @@ abstract type Authorization end
 # TODO: SecureString on 0.7
 struct OAuth2 <: Authorization
     token::String
+    function OAuth2(token)
+        token = convert(String, token)
+        if !all(c->isascii(c) && !isspace(c), token)
+            throw(ArgumentError("token `$token` has invalid whitespace or non-ascii character."))
+        end
+        new(token)
+    end
 end
 
 struct UsernamePassAuth <: Authorization
@@ -18,6 +25,13 @@ struct AnonymousAuth <: Authorization end
 
 struct JWTAuth <: Authorization
     JWT::String
+    function JWTAuth(token)
+        token = convert(String, token)
+        if !all(c->isascii(c) && !isspace(c), token)
+            throw(ArgumentError("ArgumentError token `$token` has invalid whitespace or non-ascii character."))
+        end
+        new(token)
+    end
 end
 
 ####################
diff --git a/test/auth_tests.jl b/test/auth_tests.jl
index 27876d0..e6d07cc 100644
--- a/test/auth_tests.jl
+++ b/test/auth_tests.jl
@@ -21,3 +21,6 @@ auth2 = GitHub.JWTAuth(1234, key; iat = DateTime("2016-9-15T14:00"))
 # test to make sure things don't break.
 @test auth.JWT == correct_jwt
 @test auth2.JWT == correct_jwt
+
+@test_throws ArgumentError GitHub.OAuth2("ghp_\n")
+@test_throws ArgumentError GitHub.JWTAuth("ghp_\n")