diff --git a/src/GhostZero/BitinflowAccounts/Auth/TokenGuard.php b/src/GhostZero/BitinflowAccounts/Auth/TokenGuard.php
index 9778839..b153ac2 100644
--- a/src/GhostZero/BitinflowAccounts/Auth/TokenGuard.php
+++ b/src/GhostZero/BitinflowAccounts/Auth/TokenGuard.php
@@ -137,7 +137,7 @@ class TokenGuard
 // is physically logged into the application via the application's interface.
 /** @var Authenticatable|HasBitinflowTokens $user */
 if ($user = $this->provider->retrieveById($token['sub'])) {
- return $user->withBitinflowAccessToken((object)['scopes' => '*']);
+ return $user->withBitinflowAccessToken((object)['scopes' => ['*']]);
 }
 return null;
diff --git a/src/GhostZero/BitinflowAccounts/Traits/HasBitinflowTokens.php b/src/GhostZero/BitinflowAccounts/Traits/HasBitinflowTokens.php
index 76a40b1..08caed7 100644
--- a/src/GhostZero/BitinflowAccounts/Traits/HasBitinflowTokens.php
+++ b/src/GhostZero/BitinflowAccounts/Traits/HasBitinflowTokens.php
@@ -2,7 +2,6 @@
 namespace GhostZero\BitinflowAccounts\Traits;
-use Illuminate\Container\Container;
 use stdClass;
 trait HasBitinflowTokens
@@ -27,11 +26,15 @@ trait HasBitinflowTokens
 /**
 * Determine if the current API token has a given scope.
 *
- * @param string $scopeUserProvider
+ * @param string $scope
 * @return bool
 */
 public function bitinflowTokenCan(string $scope): bool
 {
+ if (in_array('*', $this->accessToken->scopes)) {
+ return true;
+ }
+
 return $this->accessToken ? in_array($scope, $this->accessToken->scopes) : false;
 }
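Review bot: The wildcard check added to bitinflowTokenCan reads `$this->accessToken->scopes` before the null test that the following return statement still performs, so a model with no token attached would reach a property read on null (and, on PHP 8, a TypeError from in_array) instead of returning false; the surviving ternary suggests that state is expected. Both in_array calls also compare loosely, which is worth avoiding in an authorization check, since a non-string entry such as `true` in the scopes list compares equal to any scope name, including `'*'`. I would resolve the list once with `$scopes = $this->accessToken->scopes ?? [];` and finish with `return in_array('*', $scopes, true) || in_array($scope, $scopes, true);`. A short docblock line stating that `'*'` grants every scope would also help, because the wildcard is only produced in TokenGuard and is not mentioned here.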