diff --git a/src/clients.js b/src/clients.js
index 8a4f5ca2a..78d64f4db 100644
--- a/src/clients.js
+++ b/src/clients.js
@@ -268,9 +268,9 @@ function addTokenByUserId(clientId, userId, expiresAt, callback) {
 
                 callback(null, {
                     accessToken: token,
+                    tokenScopes: authorizedScopes,
                     identifier: userId,
                     clientId: result.id,
-                    scope: authorizedScopes,
                     expires: expiresAt
                 });
             });
diff --git a/src/setup.js b/src/setup.js
index f671555a7..fd35dbf89 100644
--- a/src/setup.js
+++ b/src/setup.js
@@ -251,7 +251,12 @@ function activate(username, password, email, displayName, ip, auditSource, callb
 
             eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { });
 
-            callback(null, { userId: userObject.id, token: result.accessToken, expires: result.expires });
+            callback(null, {
+                userId: userObject.id,
+                token: result.accessToken,
+                tokenScopes: result.tokenScopes,
+                expires: result.expires
+            });
 
             setTimeout(cloudron.onActivated, 3000); // hack for now to not block the above http response
         });