diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index c5a0caad..956b6775 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -87,6 +87,11 @@ export const authOptions: NextAuthOptions = {
       clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
       clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
       issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
+      authorization: {
+        params: {
+          scope: "openid profile email roles"
+        }
+      },
       profile(profile) {
         console.log('Keycloak profile:', {
           rawRoles: profile.roles,