diff --git a/src/main/java/org/caosdb/server/accessControl/UserSources.java b/src/main/java/org/caosdb/server/accessControl/UserSources.java
index ad6173618770b3093e3e64d16791999b893a1a65..3c6a364651383de496501fb43854eeda907f5e1f 100644
--- a/src/main/java/org/caosdb/server/accessControl/UserSources.java
+++ b/src/main/java/org/caosdb/server/accessControl/UserSources.java
@@ -242,6 +242,9 @@ public class UserSources extends HashMap<String, UserSource> {
       roles.add(Role.ANONYMOUS_ROLE.toString());
       return roles;
     }
+    if (principal instanceof OneTimeAuthenticationToken) {
+      return new HashSet<>(((OneTimeAuthenticationToken) principal).getRoles());
+    }
 
     return resolveRoles(principal.getRealm(), principal.getUsername());
   }