diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 956b6775..18d8cfa8 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -95,11 +95,12 @@ export const authOptions: NextAuthOptions = {
       profile(profile) {
         console.log('Keycloak profile:', {
           rawRoles: profile.roles,
+          realmAccess: profile.realm_access,
           profile
         });
 
-        // Get roles from the token claims
-        const roles = profile.roles || [];
+        // Get roles from realm_access
+        const roles = profile.realm_access?.roles || [];
         console.log('Raw roles from Keycloak:', roles);
 
         // Clean up roles by removing ROLE_ prefix and converting to lowercase
@@ -131,7 +132,8 @@ export const authOptions: NextAuthOptions = {
         const keycloakProfile = profile as KeycloakProfile;
         console.log('JWT callback profile:', {
           rawRoles: keycloakProfile.roles,
-          profile: keycloakProfile
+          profile: keycloakProfile,
+          token: account.access_token
         });
 
         // Clean up roles by removing ROLE_ prefix and converting to lowercase