keycloak-uncached

Checking realm role directly

4/26/2017 3:39:37 PM

Details

diff --git a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
index e60a0d6..fb28054 100644
--- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
+++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
@@ -97,7 +97,7 @@ public class AuthorizationTokenService {
         KeycloakEvaluationContext evaluationContext = new KeycloakEvaluationContext(this.authorization.getKeycloakSession());
         KeycloakIdentity identity = (KeycloakIdentity) evaluationContext.getIdentity();
 
-        if (!identity.hasRole("uma_authorization")) {
+        if (!identity.hasRealmRole("uma_authorization")) {
             throw new ErrorResponseException(OAuthErrorException.INVALID_SCOPE, "Requires uma_authorization scope.", Status.FORBIDDEN);
         }
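Review bot: The guard `if (!identity.hasRealmRole("uma_authorization"))` carries no comment saying why a realm role is required, so a later refactor could switch it back to the broader `hasRole` without anyone noticing the access-control difference. Assuming `hasRole` also matches non-realm (e.g. client-level) roles of the same name, I would add `// Must be a realm role; a same-named role defined elsewhere must not satisfy this check.` above the `if`. The message on the following line still reads "Requires uma_authorization scope." although the check is on a realm role, which makes a 403 harder to diagnose; if clients do not depend on that wording, name the realm role there. No test is visible in this commit, so a case where the caller holds only a non-realm role called `uma_authorization` and is rejected would pin the new behaviour, and any other endpoint still gating on `hasRole` with this name deserves the same look. The enclosing method starts and ends outside the hunk.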