diff --git a/src/oidc-guard/Program.cs b/src/oidc-guard/Program.cs
index eda79e2..96e9198 100644
--- a/src/oidc-guard/Program.cs
+++ b/src/oidc-guard/Program.cs
@@ -235,7 +235,7 @@ public static void Main(string[] args)
 app.MapGet("/robots.txt", () => "User-agent: *\r\nDisallow: /");
- app.MapGet("/userinfo", (HttpContext httpContext) => httpContext.User.Claims.ToDictionary(x => x.Type, x => x.Value))
+ app.MapGet("/userinfo", (HttpContext httpContext) => httpContext.User.Claims.GroupBy(x => x.Type).ToDictionary(x => x.Key, y => y.Count() > 1 ? (object)y.Select(x => x.Value) : y.First().Value))
 .RequireAuthorization();
 app.MapGet("/auth", ([FromServices] Settings settings, [FromServices] IMeterFactory meterFactory, HttpContext httpContext) =>
diff --git a/tests/oidc-guard-tests/AuthTests.cs b/tests/oidc-guard-tests/AuthTests.cs
index fd86e16..2a8c568 100644
--- a/tests/oidc-guard-tests/AuthTests.cs
+++ b/tests/oidc-guard-tests/AuthTests.cs
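Review bot: In the Program.cs hunk, the new `/userinfo` lambda returns a JSON string when the token carries one claim of a type and a JSON array when it carries several, so the type of a field now depends on how many values the caller's token holds. A consumer that reads a multi-valued claim from this response (presumably something like a group or role list) has to handle both shapes, and nothing at the route says so. I would add a comment above the mapping such as `// Claim types that occur more than once are returned as a JSON array; a single occurrence stays a plain string.` It would also read more clearly to materialise the values rather than box a deferred query: `y.Count() > 1 ? (object)y.Select(x => x.Value).ToArray() : y.First().Value`. Main's body starts and ends outside the hunk.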
@@ -510,6 +510,31 @@ public async Task UserInfo()
 json.RootElement.GetProperty("username").GetString().Should().Be("test");
 }
+ [Fact]
+ public async Task UserInfoMulti()
+ {
+ var _client = AuthTestsHelpers.GetClient();
+
+ var claims = new List()
+ {
+ new Claim("username", "test"),
+ new Claim("multi", "one"),
+ new Claim("multi", "two")
+ };
+
+ _client.DefaultRequestHeaders.TryAddWithoutValidation(HeaderNames.Authorization, FakeJwtIssuer.GenerateBearerJwtToken(claims));
+
+ var response = await _client.GetAsync("/userinfo");
+ response.StatusCode.Should().Be(HttpStatusCode.OK);
+ var json = await response.Content.ReadFromJsonAsync();
+
+ json.RootElement.GetProperty("username").GetString().Should().Be("test");
+
+ json.RootElement.GetProperty("multi").GetArrayLength().Should().Be(2);
+ json.RootElement.GetProperty("multi").EnumerateArray().ElementAt(0).GetString().Should().Be("one");
+ json.RootElement.GetProperty("multi").EnumerateArray().ElementAt(1).GetString().Should().Be("two");
+ }
+
 [Theory]
 [InlineData("?skip-auth=GET,test", "https://test.com", "GET", HttpStatusCode.OK)]
 [InlineData("?skip-auth=GET,test", "https://test.com", "POST", HttpStatusCode.Unauthorized)]
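Review bot: The three assertions on `multi` in `UserInfoMulti` each look the property up again and check length and elements separately, which makes the expected shape harder to see than it needs to be. Reading the property once and comparing the whole sequence pins count, order and values in one step: `var multi = json.RootElement.GetProperty("multi");` followed by `multi.EnumerateArray().Select(e => e.GetString()).Should().Equal("one", "two");`. A short comment above the test, e.g. `// Repeated claim types must be returned as a JSON array, single ones as a string.`, would record which contract the `username` and `multi` assertions check together.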