diff --git a/clerk/tokens.go b/clerk/tokens.go
index 4a852955..3d88abe3 100644
--- a/clerk/tokens.go
+++ b/clerk/tokens.go
@@ -18,12 +18,13 @@ type TokenClaims struct {
 
 type SessionClaims struct {
 	jwt.Claims
-	SessionID              string          `json:"sid"`
-	AuthorizedParty        string          `json:"azp"`
-	ActiveOrganizationID   string          `json:"org_id"`
-	ActiveOrganizationSlug string          `json:"org_slug"`
-	ActiveOrganizationRole string          `json:"org_role"`
-	Actor                  json.RawMessage `json:"act,omitempty"`
+	SessionID                     string          `json:"sid"`
+	AuthorizedParty               string          `json:"azp"`
+	ActiveOrganizationID          string          `json:"org_id"`
+	ActiveOrganizationSlug        string          `json:"org_slug"`
+	ActiveOrganizationRole        string          `json:"org_role"`
+	ActiveOrganizationPermissions []string        `json:"org_permissions"`
+	Actor                         json.RawMessage `json:"act,omitempty"`
 }
 
 // DecodeToken decodes a jwt token without verifying it.
diff --git a/clerk/tokens_test.go b/clerk/tokens_test.go
index 763529fa..c4928dba 100644
--- a/clerk/tokens_test.go
+++ b/clerk/tokens_test.go
@@ -48,11 +48,12 @@ var (
 			Expiry:   nil,
 			IssuedAt: nil,
 		},
-		SessionID:              "session_id",
-		AuthorizedParty:        "authorized_party",
-		ActiveOrganizationID:   "org_id",
-		ActiveOrganizationSlug: "org_slug",
-		ActiveOrganizationRole: "org_role",
+		SessionID:                     "session_id",
+		AuthorizedParty:               "authorized_party",
+		ActiveOrganizationID:          "org_id",
+		ActiveOrganizationSlug:        "org_slug",
+		ActiveOrganizationRole:        "org_role",
+		ActiveOrganizationPermissions: []string{"org:billing:manage", "org:report:view"},
 	}
 )