diff --git a/apps/permission/backends.py b/apps/permission/backends.py
index a7beeeb6..37134713 100644
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@@ -39,7 +39,15 @@ class PermissionBackend(ModelBackend):
 
             def permission_filter(membership_obj):
                 query = Q(pk=-1)
+                if 'mask' in request.GET:
+                    try:
+                        rank = int(request.GET['mask'])
+                    except:
+                        rank = 42
+                    query &= Q(mask__rank__lte=rank)
                 for scope in request.auth.scope.split(' '):
+                    if scope == "openid":
+                        continue
                     permission_id, club_id = scope.split('_')
                     if int(club_id) == membership_obj.club_id:
                         query |= Q(pk=permission_id)
diff --git a/apps/permission/scopes.py b/apps/permission/scopes.py
index 2842546f..d05bf297 100644
--- a/apps/permission/scopes.py
+++ b/apps/permission/scopes.py
@@ -10,6 +10,7 @@ from note_kfet.middlewares import get_current_request
 from .backends import PermissionBackend
 from .models import Permission
 
+from django.utils.translation import gettext_lazy as _
 
 class PermissionScopes(BaseScopes):
     """
@@ -32,7 +33,7 @@ class PermissionScopes(BaseScopes):
 
         scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
                   for p in Permission.objects.all() for club in Club.objects.all()}
-        scopes['openid'] = "OpenID Connect"
+        scopes['openid'] = _("OpenID Connect (username and email)")
         return scopes
 
     def get_available_scopes(self, application=None, request=None, *args, **kwargs):