diff --git a/src/Squidex.Domain.Apps.Core.Operations/Scripting/JintUser.cs b/src/Squidex.Domain.Apps.Core.Operations/Scripting/JintUser.cs
index 3d2177d4b..b74911a21 100644
--- a/src/Squidex.Domain.Apps.Core.Operations/Scripting/JintUser.cs
+++ b/src/Squidex.Domain.Apps.Core.Operations/Scripting/JintUser.cs
@@ -48,9 +48,9 @@ namespace Squidex.Domain.Apps.Core.Scripting
         private static ObjectWrapper CreateUser(Engine engine, string id, bool isClient, string email, string name, IEnumerable<Claim> allClaims)
         {
             var claims =
-                allClaims.GroupBy(x => x.Type)
+                allClaims.GroupBy(x => x.Type.Split(ClaimSeparators).Last())
                     .ToDictionary(
-                        x => x.Key.Split(ClaimSeparators).Last(),
+                        x => x,
                         x => x.Select(y => y.Value).ToArray());
 
             return new ObjectWrapper(engine, new { id, isClient, email, name, claims });
diff --git a/src/Squidex.Web/Pipeline/AppResolver.cs b/src/Squidex.Web/Pipeline/AppResolver.cs
index cc0ae853b..97e4e8f1e 100644
--- a/src/Squidex.Web/Pipeline/AppResolver.cs
+++ b/src/Squidex.Web/Pipeline/AppResolver.cs
@@ -65,7 +65,10 @@ namespace Squidex.Web.Pipeline
                 {
                     var identity = user.Identities.First();
 
-                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
+                    if (!string.IsNullOrWhiteSpace(role))
+                    {
+                        identity.AddClaim(new Claim(ClaimTypes.Role, role));
+                    }
 
                     foreach (var permission in permissions)
                     {