diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09b3ce217..fa3d93138 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@
 - Update ApiV1Dot1Controller, fix in-app registration ([56f17b99](https://github.com/pixelfed/pixelfed/commit/56f17b99))
 - Update VerifyCsrfToken middleware, add oauth token. Fixes #5426 ([79ebbc2d](https://github.com/pixelfed/pixelfed/commit/79ebbc2d))
 - Update AdminSettingsController, increase max photo size limit from 50MB to 1GB ([aa448354](https://github.com/pixelfed/pixelfed/commit/aa448354))
+- Update BearerTokenResponse, return scopes in /oauth/token endpoint. Fixes #5286 ([d8f5c302](https://github.com/pixelfed/pixelfed/commit/d8f5c302))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.12.4 (2024-11-08)](https://github.com/pixelfed/pixelfed/compare/v0.12.4...dev)
diff --git a/app/Auth/BearerTokenResponse.php b/app/Auth/BearerTokenResponse.php
index 0e1aa8a19..c9dc0a602 100644
--- a/app/Auth/BearerTokenResponse.php
+++ b/app/Auth/BearerTokenResponse.php
@@ -11,13 +11,13 @@ class BearerTokenResponse extends \League\OAuth2\Server\ResponseTypes\BearerToke
      * AuthorizationServer::getResponseType() to pull in your version of
      * this class rather than the default.
      *
-     * @param AccessTokenEntityInterface $accessToken
      *
      * @return array
      */
     protected function getExtraParams(AccessTokenEntityInterface $accessToken)
     {
         return [
+            'scopes' => array_map(fn ($scope) => $scope->getIdentifier(), $accessToken->getScopes()),
             'created_at' => time(),
         ];
     }