diff --git a/.github/workflows/authorization-server-make.yaml b/.github/workflows/authorization-server-make.yaml
index d58e45d808..f0e3427daa 100644
--- a/.github/workflows/authorization-server-make.yaml
+++ b/.github/workflows/authorization-server-make.yaml
@@ -14,7 +14,7 @@ on:
env:
REGISTRY_IMAGE: pivotalrabbitmq/spring-authorization-server
- IMAGE_TAG: 0.0.9
+ IMAGE_TAG: 0.0.10
jobs:
docker:
runs-on: ubuntu-latest
diff --git a/selenium/authorization-server/pom.xml b/selenium/authorization-server/pom.xml
index 39534afeb6..f23f65e8ba 100644
--- a/selenium/authorization-server/pom.xml
+++ b/selenium/authorization-server/pom.xml
@@ -10,7 +10,7 @@
com.rabbitmq
authorization-server
- 0.0.9
+ 0.0.10
authorization-server
Authorization Server for Selenium
diff --git a/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java b/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
index 30068bfff6..e695a5bd2a 100644
--- a/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
+++ b/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
@@ -5,6 +5,9 @@ import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;
+import java.util.Collection;
+import java.util.List;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -30,6 +33,8 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
@@ -130,9 +135,20 @@ public class SecurityConfig {
logger.info("authorities : {}", principal.getAuthorities());
logger.info("authorized scopes : {}", context.getAuthorizedScopes());
- context.getClaims()
- .audience(AudienceAuthority.getAll(principal))
- .claim("extra_scope", ScopeAuthority.getAuthorites(principal));
+ if (AuthorizationGrantType.CLIENT_CREDENTIALS.equals(context.getAuthorizationGrantType())) {
+ Collection extra_scope = context.getRegisteredClient().getScopes();
+ logger.info("granting extra_scope: {}", extra_scope);
+ context.getClaims()
+ .claim("extra_scope", extra_scope);
+ } else {
+ Collection extra_scope = ScopeAuthority.getAuthorites(principal);
+ List audience = AudienceAuthority.getAll(principal);
+ logger.info("granting extra_scope: {}", extra_scope);
+ logger.info("granting audience: {}", audience);
+ context.getClaims()
+ .audience(audience)
+ .claim("extra_scope", extra_scope);
+ }
};
}
@Bean
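Review bot: In the `CLIENT_CREDENTIALS` branch, `extra_scope` is filled from `context.getRegisteredClient().getScopes()`, which is every scope registered for the client rather than the scopes authorized for this particular token request. A client that requests a narrower `scope` would still get the full registered set in `extra_scope`, so the token can carry more privilege than was asked for. If that widening is not intended for this test server, use `Collection<String> extra_scope = context.getAuthorizedScopes();` (already logged two lines above); otherwise add a comment such as `// client_credentials: deliberately expose all registered scopes, not only the requested ones`. The same branch no longer calls `.audience(...)`, so these tokens may be issued without an `aud` claim, and a resource server that validates audience would presumably reject them. Please confirm this is expected; the enclosing customizer lambda starts outside the hunk.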