diff --git a/src/client/jwt.ts b/src/client/jwt.ts
index 99c337f5a..985373ea2 100644
--- a/src/client/jwt.ts
+++ b/src/client/jwt.ts
@@ -1,4 +1,5 @@
 import { decodeJwt } from "jose";
+import { z } from "zod/v4";
 import {
   RefreshResponseSchema,
   TokenPayload,
@@ -138,12 +139,9 @@ function _isLoggedIn(): IsLoggedInResponse {
 
     const result = TokenPayloadSchema.safeParse(payload);
     if (!result.success) {
+      const error = z.prettifyError(result.error);
       // Invalid response
-      console.error(
-        "Invalid payload",
-        // JSON.stringify(payload),
-        JSON.stringify(result.error),
-      );
+      console.error("Invalid payload", error);
       return false;
     }
 
@@ -171,11 +169,8 @@ export async function postRefresh(): Promise<boolean> {
     const body = await response.json();
     const result = RefreshResponseSchema.safeParse(body);
     if (!result.success) {
-      console.error(
-        "Invalid response",
-        JSON.stringify(body),
-        JSON.stringify(result.error),
-      );
+      const error = z.prettifyError(result.error);
+      console.error("Invalid response", error);
       return false;
     }
     localStorage.setItem("token", result.data.token);
@@ -201,11 +196,8 @@ export async function getUserMe(): Promise<UserMeResponse | false> {
     const body = await response.json();
     const result = UserMeResponseSchema.safeParse(body);
     if (!result.success) {
-      console.error(
-        "Invalid response",
-        JSON.stringify(body),
-        JSON.stringify(result.error),
-      );
+      const error = z.prettifyError(result.error);
+      console.error("Invalid response", error);
       return false;
     }
     return result.data;
diff --git a/src/core/ApiSchemas.ts b/src/core/ApiSchemas.ts
index ebb8dc99b..aec1ae506 100644
--- a/src/core/ApiSchemas.ts
+++ b/src/core/ApiSchemas.ts
@@ -42,7 +42,7 @@ export const UserMeResponseSchema = z.object({
   }),
   player: z.object({
     publicId: z.string(),
-    roles: z.string().array(),
+    roles: z.string().array().optional(),
   }),
 });
 export type UserMeResponse = z.infer<typeof UserMeResponseSchema>;
diff --git a/src/server/Client.ts b/src/server/Client.ts
index 6eff8b1b8..295ca499e 100644
--- a/src/server/Client.ts
+++ b/src/server/Client.ts
@@ -12,7 +12,7 @@ export class Client {
     public readonly clientID: ClientID,
     public readonly persistentID: string,
     public readonly claims: TokenPayload | null,
-    public readonly roles: string[] | null,
+    public readonly roles: string[] | undefined,
     public readonly ip: string,
     public readonly username: string,
     public readonly ws: WebSocket,
diff --git a/src/server/Worker.ts b/src/server/Worker.ts
index f3e4d5de2..068799fed 100644
--- a/src/server/Worker.ts
+++ b/src/server/Worker.ts
@@ -314,7 +314,7 @@ export function startWorker() {
               config,
             );
 
-            const roles: string[] | null = null;
+            let roles: string[] | undefined;
 
             // Check user roles
             if (claims !== null) {
@@ -323,6 +323,7 @@ export function startWorker() {
                 log.warn("Token is not valid", claims);
                 return;
               }
+              roles = result.player.roles;
             }
 
             // TODO: Validate client settings based on roles