diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index d484351e9..17b95eb44 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -1273,15 +1273,25 @@ def login(conn, _) do
 
   defp get_or_make_app() do
     find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."}
+    scopes = ["read", "write", "follow", "push"]
 
     with %App{} = app <- Repo.get_by(App, find_attrs) do
+      {:ok, app} =
+        if app.scopes == scopes do
+          {:ok, app}
+        else
+          app
+          |> Ecto.Changeset.change(%{scopes: scopes})
+          |> Repo.update()
+        end
+
       {:ok, app}
     else
       _e ->
         cs =
           App.register_changeset(
             %App{},
-            Map.put(find_attrs, :scopes, ["read", "write", "follow"])
+            Map.put(find_attrs, :scopes, scopes)
           )
 
         Repo.insert(cs)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 562e24ad9..559d3aa0c 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -93,6 +93,10 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["follow"]})
   end
 
+  pipeline :oauth_push do
+    plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
+  end
+
   pipeline :well_known do
     plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])
   end
@@ -290,6 +294,10 @@ defmodule Pleroma.Web.Router do
 
       post("/domain_blocks", MastodonAPIController, :block_domain)
       delete("/domain_blocks", MastodonAPIController, :unblock_domain)
+    end
+
+    scope [] do
+      pipe_through(:oauth_push)
 
       post("/push/subscription", MastodonAPIController, :create_push_subscription)
       get("/push/subscription", MastodonAPIController, :get_push_subscription)
diff --git a/test/support/factory.ex b/test/support/factory.ex
index 0c59b3ce8..d1956d1cd 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -214,7 +214,7 @@ def oauth_app_factory do
     %Pleroma.Web.OAuth.App{
       client_name: "Some client",
       redirect_uris: "https://example.com/callback",
-      scopes: ["read", "write", "follow"],
+      scopes: ["read", "write", "follow", "push"],
       website: "https://example.com",
       client_id: "aaabbb==",
       client_secret: "aaa;/&bbb"