diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb
index fc3949181..559d456c5 100644
--- a/app/controllers/devise_token_auth/sessions_controller.rb
+++ b/app/controllers/devise_token_auth/sessions_controller.rb
@@ -22,8 +22,7 @@ def create
 if @resource && valid_params?(field, q_value) && (!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
 valid_password = @resource.valid_password?(resource_params[:password])
 if (@resource.respond_to?(:valid_for_authentication?) && !@resource.valid_for_authentication? { valid_password }) || !valid_password
- render_create_error_bad_credentials
- return
+ return render_create_error_bad_credentials
 end
 @client_id, @token = @resource.create_token
 @resource.save
@@ -34,7 +33,11 @@ def create
 render_create_success
 elsif @resource && !(!@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?)
- render_create_error_not_confirmed
+ if @resource.respond_to?(:locked_at) && @resource.locked_at
+ render_create_error_account_locked
+ else
+ render_create_error_not_confirmed
+ end
 else
 render_create_error_bad_credentials
 end
@@ -102,6 +105,10 @@ def render_create_error_not_confirmed
 render_error(401, I18n.t("devise_token_auth.sessions.not_confirmed", email: @resource.email))
 end
+ def render_create_error_account_locked
+ render_error(401, I18n.t("devise.mailer.unlock_instructions.account_lock_msg"))
+ end
+
 def render_create_error_bad_credentials
 render_error(401, I18n.t("devise_token_auth.sessions.bad_credentials"))
 end
diff --git a/test/controllers/devise_token_auth/sessions_controller_test.rb b/test/controllers/devise_token_auth/sessions_controller_test.rb
index 188f97201..694bbc88a 100644
--- a/test/controllers/devise_token_auth/sessions_controller_test.rb
+++ b/test/controllers/devise_token_auth/sessions_controller_test.rb
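Review bot: The new `if` in the inactive-resource branch of `create` treats any non-nil `locked_at` as a current lock, but with Devise's time-based unlock the timestamp can outlive the lock, so an unconfirmed resource carrying a stale `locked_at` would be told it is locked rather than unconfirmed. Asking the model is closer to the intent: `if @resource.respond_to?(:access_locked?) && @resource.access_locked?`. Separately, this branch is reached without the password being checked in the lines shown, so the distinct message tells any caller who submits a valid identifier that the account exists and is locked. Installations that rely on `Devise.paranoid` may expect the generic bad-credentials response here, which deserves a guard or at least a comment. `create` begins and ends outside the hunk.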
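Review bot: `render_create_error_account_locked` takes its text from `devise.mailer.unlock_instructions.account_lock_msg`, a key in the mailer namespace, while the neighbouring helpers read from `devise_token_auth.sessions.*`. The locale files are not part of this diff, so it cannot be confirmed from here that the key is defined for every shipped locale; a missing entry would surface as a "translation missing" placeholder in the API response body. A key under the existing `devise_token_auth.sessions` namespace would make the dependency explicit, and so would a one-line comment such as `# Reuses the unlock-mail wording; keep this key in sync with the locale files.`.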
@@ -450,7 +450,7 @@ def @controller.reset_session
 test 'response should contain errors' do
 assert @data['errors']
- assert_equal @data['errors'], [I18n.t('devise_token_auth.sessions.not_confirmed', email: @locked_user.email)]
+ assert_equal @data['errors'], [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')]
 end
 end
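Review bot: The changed `assert_equal` passes the actual value first and the expected value second, the reverse of Minitest's `assert_equal(expected, actual)`, so a failure would print the two values under swapped labels; `assert_equal [I18n.t('devise.mailer.unlock_instructions.account_lock_msg')], @data['errors']` reads correctly. The hunk also pins only the locked case. A companion test for a resource that is inactive but not locked, still expecting the not_confirmed message, is not visible here and would guard the new `else` arm in the controller. The enclosing test block starts outside the hunk.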