diff --git a/src/Http/Actions/Roles/SetModeratorAction.php b/src/Http/Actions/Roles/SetModeratorAction.php
index 8b64c15..1d25b02 100644
--- a/src/Http/Actions/Roles/SetModeratorAction.php
+++ b/src/Http/Actions/Roles/SetModeratorAction.php
@@ -7,6 +7,7 @@
 use Seatplus\Auth\Services\Roles\BaseRoleService;
 use Seatplus\Auth\Services\Roles\ManualRoleService;
 use Seatplus\Auth\Services\Roles\OnRequestRoleService;
+use Seatplus\Auth\Services\Roles\OptInRoleService;
 
 class SetModeratorAction
 {
@@ -19,7 +20,7 @@ public function execute(int $role_id, int $user_id, bool $can_moderate): void
         $this->baseRoleService->for($role_id);
         $this->checkPermission();
 
-        /** @var OnRequestRoleService|ManualRoleService $roleService */
+        /** @var OnRequestRoleService|ManualRoleService|OptInRoleService $roleService */
         $roleService = $this->baseRoleService->getTypeService();
 
         $this->validateRoleType($roleService);
@@ -45,7 +46,7 @@ private function checkPermission(): void
 
     private function validateRoleType(AbstractRoleService $roleService): void
     {
-        if (! $roleService instanceof ManualRoleService && ! $roleService instanceof OnRequestRoleService) {
+        if (! $roleService instanceof ManualRoleService && ! $roleService instanceof OnRequestRoleService && ! $roleService instanceof OptInRoleService) {
             abort(403, 'This action is not allowed');
         }
     }
diff --git a/src/Http/Controllers/Auth/RedirectSSOController.php b/src/Http/Controllers/Auth/RedirectSSOController.php
index ceefe2d..d483c75 100644
--- a/src/Http/Controllers/Auth/RedirectSSOController.php
+++ b/src/Http/Controllers/Auth/RedirectSSOController.php
@@ -47,7 +47,9 @@ public function __construct(
      */
     public function __invoke(Socialite $socialite): RedirectResponse
     {
-        throw_if($this->authenticationService->isUserAuthenticated(), \Exception::class, 'You are already authenticated');
+        if ($this->authenticationService->isUserAuthenticated()) {
+            return redirect('/');
+        }
 
         $scopes = $this->getScopes();
 
diff --git a/src/Services/Roles/OptInRoleService.php b/src/Services/Roles/OptInRoleService.php
index cc74081..b6d9bda 100644
--- a/src/Services/Roles/OptInRoleService.php
+++ b/src/Services/Roles/OptInRoleService.php
@@ -40,6 +40,15 @@ public function leaveRole(User $user): void
         $this->removeRoleMembership($user);
     }
 
+    public function setModerator(User $user, bool $can_moderate = true): void
+    {
+        $this->setRoleMembership(
+            entity_id: $user->id,
+            entity_type: User::class,
+            can_moderate: $can_moderate
+        );
+    }
+
     public function syncMembers(): void
     {
         // remove all members that are not within the criteria
diff --git a/tests/Unit/Controllers/RedirectSSOControllerTest.php b/tests/Unit/Controllers/RedirectSSOControllerTest.php
index 87ae16b..b1569a6 100644
--- a/tests/Unit/Controllers/RedirectSSOControllerTest.php
+++ b/tests/Unit/Controllers/RedirectSSOControllerTest.php
@@ -35,8 +35,10 @@
     expect($response->getTargetUrl())->toBe('http://example.com/redirect');
 });
 
-it('throws exception when user is already authenticated', function () {
+it('redirects home when user is already authenticated', function () {
     $this->authenticationServiceMock->shouldReceive('isUserAuthenticated')->andReturn(true);
 
-    expect(fn () => $this->controller->__invoke($this->socialiteMock))->toThrow(Exception::class, 'You are already authenticated');
+    $response = $this->controller->__invoke($this->socialiteMock);
+
+    expect($response)->toBeInstanceOf(RedirectResponse::class);
 });