diff --git a/app/controllers/scimitar/application_controller.rb b/app/controllers/scimitar/application_controller.rb
index 01ed3af..4f4d538 100644
--- a/app/controllers/scimitar/application_controller.rb
+++ b/app/controllers/scimitar/application_controller.rb
@@ -139,11 +139,15 @@ def authenticate
 def authenticated?
 result = if Scimitar.engine_configuration.basic_authenticator.present?
- authenticate_with_http_basic(&Scimitar.engine_configuration.basic_authenticator)
+ authenticate_with_http_basic do |username, password|
+ instance_exec(username, password, &Scimitar.engine_configuration.basic_authenticator)
+ end
 end
 result ||= if Scimitar.engine_configuration.token_authenticator.present?
- authenticate_with_http_token(&Scimitar.engine_configuration.token_authenticator)
+ authenticate_with_http_token do |token, options|
+ instance_exec(token, options, &Scimitar.engine_configuration.token_authenticator)
+ end
 end
 return result
diff --git a/spec/controllers/scimitar/application_controller_spec.rb b/spec/controllers/scimitar/application_controller_spec.rb
index 4622882..317996d 100644
--- a/spec/controllers/scimitar/application_controller_spec.rb
+++ b/spec/controllers/scimitar/application_controller_spec.rb
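Review bot: Wrapping the configured authenticators in `instance_exec` changes `self` inside those blocks from their defining scope to the controller instance, and nothing in `authenticated?` documents that for either the basic or the token branch. An existing authenticator that reads instance variables or depends on `self` from where it was defined would now resolve them against the controller, which on an authentication path can turn into an unexpected accept or reject rather than an obvious error. I would add a comment above the first branch such as `# Authenticator blocks run via instance_exec: self is this controller, so they may call controller methods but no longer see their defining object's ivars.` and mention the change in the changelog. The blocks can also reach the raw `request` and every private controller method, so the configuration docs should treat them as fully trusted application code. The end of `authenticated?` and its caller `authenticate` are outside the hunk, so how a falsy `result` is handled is not visible here.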
@@ -107,6 +107,54 @@ def index end end + context 'authenticator evaluated within controller context' do + before do + Scimitar.engine_configuration = Scimitar::EngineConfiguration.new( + token_authenticator: Proc.new do | token, options | + token == valid_token + end + ) + end + + controller do + def index + render json: { 'message' => 'cool, cool!' }, format: :scim + end + + def valid_token + 'B' + end + end + + it 'renders success when valid creds are given' do + request.env['HTTP_AUTHORIZATION'] = 'Bearer B' + + get :index, params: { format: :scim } + expect(response).to be_ok + expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' }) + expect(response.headers['WWW-Authenticate']).to eql('Bearer') + end + + it 'renders failure with bad token' do + request.env['HTTP_AUTHORIZATION'] = 'Bearer Invalid' + + get :index, params: { format: :scim } + expect(response).not_to be_ok + end + + it 'renders failure with blank token' do + request.env['HTTP_AUTHORIZATION'] = 'Bearer' + + get :index, params: { format: :scim } + expect(response).not_to be_ok + end + + it 'renders failure with missing header' do + get :index, params: { format: :scim } + expect(response).not_to be_ok + end + end + context 'authenticated' do controller do rescue_from StandardError, with: :handle_resource_not_found diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2442028..f686bb7 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -39,6 +39,13 @@ config.use_transactional_fixtures = true Kernel.srand config.seed + + config.around :each do | example | + original_engine_configuration = Scimitar.instance_variable_get('@engine_configuration') + example.run() + ensure + Scimitar.instance_variable_set('@engine_configuration', original_engine_configuration) + end end # ============================================================================
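Review bot: The new 'authenticator evaluated within controller context' specs only configure `token_authenticator`, so the matching `instance_exec` change on the basic-auth branch of `authenticated?` has no coverage. A parallel context would close that gap: configure `basic_authenticator: Proc.new { |username, password| username == valid_name && password == valid_password }` with both helpers defined in the anonymous controller, then set `request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('A', 'B')`. It should assert success for matching credentials and failure for a wrong password, mirroring the token cases. Since specs like these tend to be copied as usage examples, a short comment that real authenticators should compare secrets with `ActiveSupport::SecurityUtils.secure_compare` rather than `==` would also help.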
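Review bot: The `config.around :each` hook in spec/spec_helper.rb saves and restores `@engine_configuration` through `instance_variable_get`/`instance_variable_set` without saying why the public `Scimitar.engine_configuration` accessor is bypassed. Presumably this avoids triggering the accessor's own behaviour, but that is not visible in the hunk. A one-line comment would keep the next maintainer from "simplifying" it, e.g. `# Snapshot the raw ivar so specs that replace the engine configuration cannot leak it into later examples`. Separately, `ensure` written directly inside a `do … end` block needs Ruby 2.5 or later, so it is worth confirming that this matches the gem's minimum supported Ruby.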