diff --git a/code/websites/pokedex.online/src/components/DeveloperTools.vue b/code/websites/pokedex.online/src/components/DeveloperTools.vue
index e293961..4696de7 100644
--- a/code/websites/pokedex.online/src/components/DeveloperTools.vue
+++ b/code/websites/pokedex.online/src/components/DeveloperTools.vue
@@ -137,15 +137,15 @@ const isOpen = ref(false);
 // Show in development mode or when authenticated with permission in production
 const isAvailable = computed(() => {
   const isDev = process.env.NODE_ENV === 'development';
-  
+
   // Check JWT token permissions
   const hasJwtPermission = user.value?.permissions?.includes(
     'developer_tools.view'
   );
-  
+
   // Check Discord OAuth permissions
   const hasDiscordPermission = discord.hasDevAccess();
-  
+
   const hasPermission = hasJwtPermission || hasDiscordPermission;
   const isAuthenticatedInProduction =
     process.env.NODE_ENV === 'production' && hasPermission;
diff --git a/code/websites/pokedex.online/src/composables/useOAuth.js b/code/websites/pokedex.online/src/composables/useOAuth.js
index e60d14a..7a5affa 100644
--- a/code/websites/pokedex.online/src/composables/useOAuth.js
+++ b/code/websites/pokedex.online/src/composables/useOAuth.js
@@ -258,7 +258,7 @@ export function useOAuth(provider = 'challonge') {
       // Calculate token expiration time (expires_in is in seconds)
       const expiresAt = Date.now() + (data.expires_in || 3600) * 1000;
 
-      // Store tokens
+      // Store tokens (including permissions if provided)
       const tokens = {
         access_token: data.access_token,
         refresh_token: data.refresh_token || null,
@@ -266,6 +266,7 @@ export function useOAuth(provider = 'challonge') {
         expires_in: data.expires_in || 3600,
         expires_at: expiresAt,
         scope: data.scope,
+        permissions: data.permissions || [], // Store permissions from backend
         created_at: Date.now()
       };