diff --git a/pkg/spamasaurusrex/main.go b/pkg/spamasaurusrex/main.go
index 05b3f8c..b79f3a4 100644
--- a/pkg/spamasaurusrex/main.go
+++ b/pkg/spamasaurusrex/main.go
@@ -23,7 +23,7 @@ var config = oauth2.Config{
 	ClientSecret: "XN98Q~Wrp1RfakkihA1BaTKfokOSX9fuB01unanr",
 	Endpoint:     microsoft.AzureADEndpoint("ceeae22e-f163-4ac9-b7c2-45972d3aed4f"),
 	RedirectURL:  "https://alias.spamasaurus.com/callback",
-	Scopes:       []string{"User.Read"},
+	Scopes:       []string{"User.Read", "Profile"},
 }
 
 func rootHandler(w http.ResponseWriter, r *http.Request) {
@@ -33,10 +33,11 @@ func rootHandler(w http.ResponseWriter, r *http.Request) {
 
 func callbackHandler(w http.ResponseWriter, r *http.Request) {
 	// Handle the callback after successful authentication
-	code := r.URL.Query().Get("code")
-	token, err := config.Exchange(r.Context(), code)
+	token, err := config.Exchange(r.Context(), r.URL.Query().Get("code"))
 	if err != nil {
-		w.Write([]byte(spew.Sdump(err)))
+		if retrieveErr, ok := err.(*oauth2.RetrieveError); ok {
+			w.Write([]byte(retrieveErr.ErrorDescription + " (" + retrieveErr.ErrorCode + ")"))
+		}
 		http.Error(w, "Error exchanging code for token", http.StatusInternalServerError)
 		return
 	}