diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 9c03b7d5..b2c0d4f1 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -1,6 +1,14 @@
 import NextAuth, { NextAuthOptions } from "next-auth";
 import KeycloakProvider from "next-auth/providers/keycloak";
+interface RocketChatLoginResponse {
+ status: string;
+ data: {
+ authToken: string;
+ userId: string;
+ };
+}
+
 declare module "next-auth" {
 interface Session {
 user: {
@@ -14,6 +22,8 @@ declare module "next-auth" {
 role: string[];
 };
 accessToken: string;
+ rocketChatToken: string;
+ rocketChatUserId: string;
 }
 interface JWT {
@@ -24,6 +34,22 @@ declare module "next-auth" {
 username: string;
 first_name: string;
 last_name: string;
+ rocketChatToken: string;
+ rocketChatUserId: string;
+ }
+}
+
+declare module "next-auth/jwt" {
+ interface JWT {
+ accessToken: string;
+ refreshToken: string;
+ accessTokenExpires: number;
+ role: string[];
+ username: string;
+ first_name: string;
+ last_name: string;
+ rocketChatToken: string;
+ rocketChatUserId: string;
 }
 }
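Review bot: In the `@@ -14,6 +22,8 @@` hunk, `rocketChatToken` and `rocketChatUserId` are declared as required `string` on `Session`, but the jwt callback added in this commit assigns them only when the Rocket.Chat login succeeds, so at runtime they can be `undefined` while the compiler treats them as always present. Declaring them as `rocketChatToken?: string;` and `rocketChatUserId?: string;` would force every consumer to handle the missing case. The same applies to both `JWT` declarations in the following hunk and to `types/next-auth.d.ts`, where previously optional JWT fields also become required. The `JWT` interface inside `declare module "next-auth"` looks redundant now that `next-auth/jwt` is augmented; keeping one declaration would stop the copies from drifting.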
@@ -68,6 +94,31 @@ export const authOptions: NextAuthOptions = {
 token.username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';
 token.first_name = (profile as any).given_name ?? '';
 token.last_name = (profile as any).family_name ?? '';
+
+ // Get Rocket.Chat token for the user using their Keycloak password
+ try {
+ const rocketChatResponse = await fetch('https://parole.slm-lab.net/api/v1/login', {
+ method: 'POST',
+ headers: {
+ 'Content-Type': 'application/json',
+ },
+ body: JSON.stringify({
+ user: token.username,
+ password: account.access_token, // Use the Keycloak access token as password
+ }),
+ });
+
+ if (rocketChatResponse.ok) {
+ const rocketChatData = await rocketChatResponse.json() as RocketChatLoginResponse;
+ if (rocketChatData.data) {
+ token.rocketChatToken = rocketChatData.data.authToken;
+ token.rocketChatUserId = rocketChatData.data.userId;
+ }
+ }
+ } catch (error) {
+ console.error('Error getting Rocket.Chat token:', error);
+ }
+
 return token;
 }
@@ -115,6 +166,8 @@ export const authOptions: NextAuthOptions = {
 }
 session.accessToken = token.accessToken;
+ session.rocketChatToken = token.rocketChatToken;
+ session.rocketChatUserId = token.rocketChatUserId;
 session.user = {
 ...session.user,
 id: token.sub as string,
diff --git a/app/api/rocket-chat/messages/route.ts b/app/api/rocket-chat/messages/route.ts
index 286ce1f7..b93da89c 100644
--- a/app/api/rocket-chat/messages/route.ts
+++ b/app/api/rocket-chat/messages/route.ts
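Review bot: The block added in the `@@ -68,6 +94,31 @@` hunk posts `account.access_token` in the `password` field of the Rocket.Chat login request, which hands a Keycloak bearer token to a second service as if it were a password; the leading comment says "Keycloak password", which is not what is sent. Whether Rocket.Chat accepts this depends on server configuration not visible here, so the intended login mechanism should be confirmed and documented next to the call. Beyond that, the endpoint host is hard-coded, the fetch has no timeout although it sits on the sign-in path, `account` is dereferenced without a null check visible in the hunk, and the JSON is cast to `RocketChatLoginResponse` without verifying that `authToken` and `userId` are strings. A non-OK response is also dropped silently, leaving the token fields unset with nothing in the logs. The enclosing jwt callback starts outside the hunk.

```typescript
// … unchanged: token.username / first_name / last_name assignments …
const rocketChatBaseUrl = process.env.ROCKET_CHAT_BASE_URL; // placeholder variable name
if (rocketChatBaseUrl && account?.access_token) {
  try {
    const rocketChatResponse = await fetch(`${rocketChatBaseUrl}/api/v1/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      // … unchanged: body (payload shape to be confirmed against the Rocket.Chat configuration) …
      signal: AbortSignal.timeout(5000), // keep a slow chat server from stalling sign-in
    });

    if (rocketChatResponse.ok) {
      const payload: unknown = await rocketChatResponse.json();
      const data = (payload as { data?: { authToken?: unknown; userId?: unknown } } | null)?.data;
      // Only store values that really are strings; anything else leaves the fields unset
      if (typeof data?.authToken === 'string' && typeof data?.userId === 'string') {
        token.rocketChatToken = data.authToken;
        token.rocketChatUserId = data.userId;
      }
    } else {
      console.error('Rocket.Chat login failed with status', rocketChatResponse.status);
    }
  } catch (error) {
    // Log the message only, not the whole error object
    console.error('Error getting Rocket.Chat token:', error instanceof Error ? error.message : 'unknown error');
  }
}
```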
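Review bot: In the `@@ -115,6 +166,8 @@` hunk, copying `token.rocketChatToken` and `token.rocketChatUserId` onto `session` makes the Rocket.Chat credential part of the session object that NextAuth returns to the browser, so any script running in the page can read it. The only consumer visible in this commit is the server-side handler in `app/api/rocket-chat/messages/route.ts`; it could read the values from the JWT with `getToken({ req })` from `next-auth/jwt` instead (its `GET` would then need a request parameter), and these two assignments could be dropped. If client code does need the token, say so here with a comment such as `// exposed to the client on purpose: <reason>`. The session callback starts and ends outside the hunk.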
@@ -9,13 +9,13 @@ export async function GET() {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
- // Use the Rocket.Chat token from environment variables
- const rocketChatToken = process.env.ROCKET_CHAT_TOKEN;
- const rocketChatUserId = process.env.ROCKET_CHAT_USER_ID;
+ // Get the user's Rocket.Chat token from their session
+ const rocketChatToken = session.rocketChatToken;
+ const rocketChatUserId = session.rocketChatUserId;
 if (!rocketChatToken || !rocketChatUserId) {
- console.error('Missing Rocket.Chat credentials in environment variables');
- return NextResponse.json({ error: "Server configuration error" }, { status: 500 });
+ console.error('Missing Rocket.Chat credentials in user session');
+ return NextResponse.json({ error: "User not authenticated with Rocket.Chat" }, { status: 401 });
 }
 // Get the user's subscriptions (rooms they are in)
diff --git a/types/next-auth.d.ts b/types/next-auth.d.ts
index 04a8c55f..a6d95d9b 100644
--- a/types/next-auth.d.ts
+++ b/types/next-auth.d.ts
@@ -8,19 +8,25 @@ declare module "next-auth" {
 last_name: string;
 username: string;
 email: string;
- role?: string[];
+ role: string[];
 } & DefaultSession["user"];
 accessToken: string;
 refreshToken: string;
+ rocketChatToken: string;
+ rocketChatUserId: string;
 error?: string;
 }
 interface JWT {
- accessToken?: string;
- first_name?: string;
- last_name?: string;
- username?: string;
- role?: string[] | string | null;
+ accessToken: string;
+ refreshToken: string;
+ accessTokenExpires: number;
+ first_name: string;
+ last_name: string;
+ username: string;
+ role: string[];
+ rocketChatToken: string;
+ rocketChatUserId: string;
 error?: string;
 }
@@ -30,7 +36,7 @@ declare module "next-auth" {
 last_name: string;
 username: string;
 email: string;
- role?: string[] | string | null;
+ role: string[];
 }
 interface Profile {
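Review bot: In the `@@ -9,13 +9,13 @@` hunk of `app/api/rocket-chat/messages/route.ts`, the new branch answers a missing Rocket.Chat token with the same 401 status that the check just above uses for a missing app session, so a client cannot tell "sign in again" from "the chat login failed at sign-in". Because the jwt callback in this commit swallows Rocket.Chat login failures, otherwise valid sessions will reach this branch; a distinct status or error code would make that visible, for example `return NextResponse.json({ error: "User not authenticated with Rocket.Chat", code: "ROCKETCHAT_LOGIN_REQUIRED" }, { status: 403 });`. The token is also captured only once at sign-in, so a comment noting that it is never refreshed would help the next reader. The body of `GET` continues outside the hunk.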