diff --git a/src/core/ApiSchemas.ts b/src/core/ApiSchemas.ts
index ca82eb1d9..9df891c16 100644
--- a/src/core/ApiSchemas.ts
+++ b/src/core/ApiSchemas.ts
@@ -30,6 +30,11 @@ export const TokenPayloadSchema = z.object({
   iss: z.string(),
   aud: z.string(),
   exp: z.number(),
+  role: z
+    .enum(["root", "admin", "mod", "flagged", "banned"])
+    // In case new roles are added in the future.
+    .or(z.string())
+    .optional(),
 });
 export type TokenPayload = z.infer<typeof TokenPayloadSchema>;
 
diff --git a/src/server/Worker.ts b/src/server/Worker.ts
index 497904334..14a380667 100644
--- a/src/server/Worker.ts
+++ b/src/server/Worker.ts
@@ -344,6 +344,11 @@ export async function startWorker() {
         }
         const { persistentId, claims } = result;
 
+        if (claims?.role === "banned") {
+          ws.close(1002, "Account Banned");
+          return;
+        }
+
         if (clientMsg.type === "rejoin") {
           log.info("rejoining game", {
             gameID: clientMsg.gameID,