diff --git a/src/middlewares/auth-provider/keycloak.ts b/src/middlewares/auth-provider/keycloak.ts
index 05d856f..5201c36 100644
--- a/src/middlewares/auth-provider/keycloak.ts
+++ b/src/middlewares/auth-provider/keycloak.ts
@@ -45,7 +45,7 @@ export async function keycloakAuth(request: Express.Request, roles?: string[]) {
       }
   }
 
-  if (Array.isArray(roles) && roles.length > 0 && Array.isArray(payload.roles)) {
+  if (Array.isArray(payload.roles) && Array.isArray(roles) && roles.length > 0) {
     if (!roles.some((a: string) => payload.roles.includes(a))) {
       throw new HttpError(HttpStatus.FORBIDDEN, "คุณไม่มีสิทธิในการเข้าถึงข้อมูลดังกล่าว");
     }