diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index cb8e56b7..c5a0caad 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -93,8 +93,12 @@ export const authOptions: NextAuthOptions = {
           profile
         });
 
+        // Get roles from the token claims
+        const roles = profile.roles || [];
+        console.log('Raw roles from Keycloak:', roles);
+
         // Clean up roles by removing ROLE_ prefix and converting to lowercase
-        const cleanRoles = (profile.roles ?? []).map(role => 
+        const cleanRoles = roles.map(role => 
           role.replace(/^ROLE_/, '').toLowerCase()
         );