diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml
index c0754b6..7a0a4f1 100644
--- a/template/stacks/monitoring/kube-prometheus/values.yaml
+++ b/template/stacks/monitoring/kube-prometheus/values.yaml
@@ -40,6 +40,7 @@ grafana:
       enabled: true
       name: Keycloak-OAuth
       allow_sign_up: true
+      use_refresh_token: true
       client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
       client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
       scopes: openid email profile offline_access roles
@@ -50,7 +51,7 @@ grafana:
       token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token
       api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo
       redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth
-      role_attribute_path: "contains(resource_access.\"grafana-oauth\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana-oauth\".roles[*], 'editor') && 'Editor' || 'Viewer'"
+      role_attribute_path: "contains(resource_access.\"grafana\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana\".roles[*], 'editor') && 'Editor' || 'Viewer'"
       
   extraSecretMounts:
     - name: auth-generic-oauth-secret-mount