diff --git a/requirements-swh.txt b/requirements-swh.txt
--- a/requirements-swh.txt
+++ b/requirements-swh.txt
@@ -1,4 +1,4 @@
-swh.auth[django] >= 0.5.0
+swh.auth[django] >= 0.5.3
 swh.core >= 0.0.95
 swh.counters >= 0.5.1
 swh.indexer >= 0.4.1
diff --git a/swh/web/tests/api/views/test_graph.py b/swh/web/tests/api/views/test_graph.py
--- a/swh/web/tests/api/views/test_graph.py
+++ b/swh/web/tests/api/views/test_graph.py
@@ -39,7 +39,7 @@
 
 
 def _authenticate_graph_user(api_client, keycloak_oidc):
-    keycloak_oidc.user_permissions = [API_GRAPH_PERM]
+    keycloak_oidc.client_permissions = [API_GRAPH_PERM]
     oidc_profile = keycloak_oidc.login()
     api_client.credentials(HTTP_AUTHORIZATION=f"Bearer {oidc_profile['refresh_token']}")
 
diff --git a/swh/web/tests/auth/test_views.py b/swh/web/tests/auth/test_views.py
--- a/swh/web/tests/auth/test_views.py
+++ b/swh/web/tests/auth/test_views.py
@@ -287,8 +287,8 @@
     """
     url = reverse("oidc-profile")
     kc_config = get_config()["keycloak"]
-    user_permissions = ["perm1", "perm2"]
-    keycloak_oidc.user_permissions = user_permissions
+    client_permissions = ["perm1", "perm2"]
+    keycloak_oidc.client_permissions = client_permissions
     client.login(code="", code_verifier="", redirect_uri="")
     resp = check_html_get_response(
         client, url, status_code=200, template_used="auth/profile.html"
@@ -302,5 +302,5 @@
     assert_contains(resp, user.first_name)
     assert_contains(resp, user.last_name)
     assert_contains(resp, user.email)
-    for perm in user_permissions:
+    for perm in client_permissions:
         assert_contains(resp, perm)