diff --git a/Services/server/src/utils/auth.ts b/Services/server/src/utils/auth.ts
index b7ae6cd..0c0835a 100644
--- a/Services/server/src/utils/auth.ts
+++ b/Services/server/src/utils/auth.ts
@@ -28,7 +28,9 @@ export async function expressAuthentication(
 securityName: string,
 scopes?: string[],
 ) {
- if (process.env.AUTH_BYPASS) return { preferred_username: "bypassed" };
+ if (process.env.NODE_ENV !== "production" && process.env.AUTH_BYPASS) {
+ return { preferred_username: "bypassed" };
+ }
 if (securityName !== "bearerAuth") throw new Error("Unknown authentication method.");
@@ -36,7 +38,7 @@ export async function expressAuthentication(
 ? request.headers["authorization"].split(" ")[1]
 : null;
- if (!token) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "No token provided.");
+ if (!token) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "ไม่พบข้อมูลสำหัรบบืนบันตัวตน");
 let payload: JwtPayload = {};
@@ -55,12 +57,11 @@ export async function expressAuthentication(
 if (
 scopes &&
- scopes.length > 0 &&
 scopes
 .map((v) => (v === "management-role" ? process.env.MANAGEMENT_ROLE : v))
 .every((v) => !payload.resource_access[payload.azp].roles.includes(v))
 ) {
- throw new HttpError(HttpStatusCode.FORBIDDEN, "You are not allowed to perform this action.");
+ throw new HttpError(HttpStatusCode.FORBIDDEN, "คุณไม่มีสิทธิในเข้าถึงข้อมูลนี้");
 }
 return payload;
@@ -68,7 +69,7 @@ export async function expressAuthentication(
 async function verifyOffline(token: string) {
 const payload = await jwtVerify(token).catch((_) => null);
- if (!payload) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "Invalid token provided.");
+ if (!payload) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
 return payload;
 }
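Review bot: The new guard on the bypass branch still enables the bypass whenever NODE_ENV is unset or is anything other than the exact string "production" (a missing or misspelled value in a deployment fails open), and `process.env.AUTH_BYPASS` is only tested for truthiness, so `AUTH_BYPASS=false` or `AUTH_BYPASS=0` also enables it. A deny-by-default form is safer: `if (process.env.NODE_ENV === "development" && process.env.AUTH_BYPASS === "true") {`. The early return also skips the `scopes` role check further down in this function, so a bypassed request satisfies every scope requirement; a comment on the branch such as `// dev-only bypass: returns a synthetic principal and skips the role check below` would make that explicit. expressAuthentication's signature and most of its body lie outside this hunk.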
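Review bot: The new message on the `if (!token)` line appears to contain two typos: "สำหัรบ" reads as a transposition of "สำหรับ", and "บืนบัน" differs from the spelling "ยืนยัน" used in the other messages this commit introduces ("ยืนยันตัวตน"). Proposed line: `if (!token) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "ไม่พบข้อมูลสำหรับยืนยันตัวตน");`. Since these strings are user-facing, keeping them in one shared constants module would make such inconsistencies easier to catch.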
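Review bot: Removing `scopes.length > 0 &&` changes the meaning of an empty `scopes` array: `[].every(...)` is `true`, so an endpoint declared with `scopes: []` now throws FORBIDDEN for every caller, whereas before an empty list meant "no role required". If that is intended, a comment on the condition such as `// an empty scopes list denies every caller; omit scopes entirely to skip the role check` would prevent it being "fixed" back; otherwise the length check should be restored. Presumably the lookup on the `.every` line also throws a TypeError (surfacing as a 500 rather than a 403) when `payload.resource_access` has no entry for `payload.azp`, since it is unguarded; `payload.resource_access?.[payload.azp]?.roles.includes(v)` with a `!` in front would keep the outcome a 403. The enclosing function starts outside the hunk.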
@@ -77,8 +78,8 @@ async function verifyOnline(token: string) {
 headers: { authorization: `Bearer ${token}` },
 }).catch((e) => console.error(e));
- if (!res) throw new Error("Cannot connect to auth service.");
- if (!res.ok) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "Invalid token provided.");
+ if (!res) throw new Error("ไม่สามารถเข้าถึงระบบยืนยันตัวตน");
+ if (!res.ok) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
 return await jwtDecode(token);
 }
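Review bot: The `if (!res.ok)` line still maps every non-2xx reply from the auth service to UNAUTHORIZED, so a 5xx or other outage-style response is reported to the client as an invalid token, while only a transport failure (the `!res` line) is reported as the service being unreachable. Distinguishing the two keeps the error meaningful and avoids confusing a service outage with a rejected credential: `if (res.status === 401 || res.status === 403) throw new HttpError(HttpStatusCode.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");` followed by `if (!res.ok) throw new Error("ไม่สามารถเข้าถึงระบบยืนยันตัวตน");`. The fetch call that produces `res` begins outside the hunk, so which statuses the auth service actually returns for a bad token should be confirmed before narrowing.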