diff --git a/web/login/login.py b/web/login/login.py
index 14341f6d3dad7e1d8f3dd3fe7c778268d8514fa5..34a9bfce1f59eba2fe3c55a829cef6a077c4c90e 100644
--- a/web/login/login.py
+++ b/web/login/login.py
@@ -262,14 +262,19 @@ def consent():
             .filter(AppRole.user_id == user.uuid)
             .first()
         )
-        print(role_object)
         if role_object is None or role_object.role_id is None:
             # If there is no role in app_roles or the role_id for an app is null user has no permissions
-            # TODO: how to handle if the user has no access for an app?
             current_app.logger.error(f"User has no access for: {app_obj.name}")
-        app_role = RoleService.get_role_by_id(role_object.role_id)
-        if (app_role is not None):
-            roles.append(app_role.name)
+            return redirect(
+                consent_request.reject(
+                    error="No access",
+                    error_description="The user has no access for app",
+                    error_hint="Contact your administrator",
+                    status_code=401,
+                )
+            )
+        else:
+            roles.append(role_object.role.name)
 
     current_app.logger.info(f"Using '{roles}' when applying consent for {kratos_id}")