diff --git a/app/package-lock.json b/app/package-lock.json index ea0abeb..6bf65fb 100644 --- a/app/package-lock.json +++ b/app/package-lock.json @@ -1,12 +1,12 @@ { "name": "gameyfin", - "version": "2.0.0.beta6", + "version": "2.0.0.RC1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "gameyfin", - "version": "2.0.0.beta6", + "version": "2.0.0.RC1", "dependencies": { "@heroui/react": "2.7.9", "@material-tailwind/react": "^2.1.10", diff --git a/app/package.json b/app/package.json index 2981fce..a1b40b3 100644 --- a/app/package.json +++ b/app/package.json @@ -265,4 +265,4 @@ "disableUsageStatistics": true, "hash": "962eccc3fa0735d5234901be4f9e384096113c45bec22564a53688096d62aef4" } -} +} \ No newline at end of file diff --git a/app/src/main/kotlin/org/gameyfin/app/core/security/SsoAuthenticationSuccessHandler.kt b/app/src/main/kotlin/org/gameyfin/app/core/security/SsoAuthenticationSuccessHandler.kt index 15cb458..cc4ebc4 100644 --- a/app/src/main/kotlin/org/gameyfin/app/core/security/SsoAuthenticationSuccessHandler.kt +++ b/app/src/main/kotlin/org/gameyfin/app/core/security/SsoAuthenticationSuccessHandler.kt 
@@ -5,10 +5,15 @@ import jakarta.servlet.http.HttpServletResponse import org.gameyfin.app.config.ConfigProperties import org.gameyfin.app.config.ConfigService import org.gameyfin.app.config.MatchUsersBy +import org.gameyfin.app.core.Role import org.gameyfin.app.users.RoleService import org.gameyfin.app.users.UserService import org.gameyfin.app.users.entities.User +import org.springframework.security.access.hierarchicalroles.RoleHierarchy +import org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken import org.springframework.security.core.Authentication +import org.springframework.security.core.context.SecurityContextHolder import org.springframework.security.oauth2.core.oidc.user.OidcUser import org.springframework.security.web.authentication.AuthenticationSuccessHandler import org.springframework.stereotype.Component @@ -17,9 +22,12 @@ import org.springframework.stereotype.Component class SsoAuthenticationSuccessHandler( private val userService: UserService, private val roleService: RoleService, - private val config: ConfigService + private val config: ConfigService, + private val roleHierarchy: RoleHierarchy, ) : AuthenticationSuccessHandler { + private val authoritiesMapper = RoleHierarchyAuthoritiesMapper(roleHierarchy) + override fun onAuthenticationSuccess( request: HttpServletRequest, response: HttpServletResponse, 
@@ -62,9 +70,17 @@ class SsoAuthenticationSuccessHandler( val grantedAuthorities = roleService.extractGrantedAuthorities(oidcUser.authorities) - matchedUser.roles = roleService.authoritiesToRoles(grantedAuthorities) + val roles = roleService.authoritiesToRoles(grantedAuthorities).ifEmpty { listOf(Role.USER) } + matchedUser.roles = roles userService.registerOrUpdateUser(matchedUser) + // Update SecurityContext with expanded authorities through RoleHierarchy + val mappedAuthorities = authoritiesMapper.mapAuthorities(grantedAuthorities) + + val newAuth = + UsernamePasswordAuthenticationToken(authentication.principal, authentication.credentials, mappedAuthorities) + SecurityContextHolder.getContext().authentication = newAuth + response.sendRedirect("/") return }
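Review bot: The `Role.USER` fallback is applied only to the persisted `roles`, while `mappedAuthorities` is still built from the unmodified `grantedAuthorities`, so a user whose IdP token yields no mappable role appears to be stored as USER but handed a session with no application authorities. Compute the effective authorities once, after the fallback, and pass that same collection to `authoritiesMapper.mapAuthorities(...)` so the database and the `SecurityContext` cannot disagree. The new `UsernamePasswordAuthenticationToken` also replaces the OIDC authentication object, so code that checks for `OAuth2AuthenticationToken` (RP-initiated logout, for instance) would presumably stop matching. In addition, the context is changed only through `SecurityContextHolder`, and whether that survives the request depends on the configured `SecurityContextRepository`, which this hunk does not show. Because the fallback grants a role to every SSO login that arrives without role claims, a comment such as `// No role claim from the IdP: default to the least-privileged USER role` would make that decision explicit; `onAuthenticationSuccess` begins outside this hunk.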