diff --git a/roles/pdns/templates/powerdns-admin.env b/roles/pdns/templates/powerdns-admin.env
index d1828d4..f0483d7 100644
--- a/roles/pdns/templates/powerdns-admin.env
+++ b/roles/pdns/templates/powerdns-admin.env
@@ -2,12 +2,13 @@ SECRET_KEY={{ lookup('ansible.builtin.ini', 'pdns_admin_secret section=pdns file
 OIDC_OAUTH_ENABLED=true
 OIDC_OAUTH_KEY=powerdnsadmin
 OIDC_OAUTH_SECRET={{ lookup('ansible.builtin.ini', 'oidc_secret section=pdns file=secrets/' + inventory_hostname + '.ini') }}
-OIDC_OAUTH_API_URL=https://auth.janky.solutions/auth/realms/janky.solutions/protocol/openid-connect/
-OIDC_OAUTH_METADATA_URL=https://auth.janky.solutions/auth/realms/janky.solutions/.well-known/openid-configuration
-OIDC_OAUTH_LOGOUT_URL=https://auth.janky.solutions/auth/realms/janky.solutions/protocol/openid-connect/logout
+OIDC_OAUTH_API_URL=https://auth.janky.solutions/realms/janky.solutions/protocol/openid-connect/
+OIDC_OAUTH_METADATA_URL=https://auth.janky.solutions/realms/janky.solutions/.well-known/openid-configuration
+OIDC_OAUTH_LOGOUT_URL=https://auth.janky.solutions/realms/janky.solutions/protocol/openid-connect/logout
 OIDC_OAUTH_USERNAME=preferred_username
 OIDC_OAUTH_FIRSTNAME=given_name
 OIDC_OAUTH_LAST_NAME=family_name
 OIDC_OAUTH_EMAIL=email
+OIDC_OAUTH_SCOPE=openid email
 SIGNUP_ENABLED=false
 LOCAL_DB_ENABLED=false