diff --git a/passbook/core/models.py b/passbook/core/models.py
index f02c3a482..c9c9ad7ac 100644
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@@ -152,11 +152,6 @@ class Application(PolicyModel):
     objects = InheritanceManager()
-    def user_is_authorized(self, user: User) -> bool:
-        """Check if user is authorized to use this application"""
-        from passbook.core.policies import PolicyEngine
-        return PolicyEngine(self.policies.all()).for_user(user).build().result
-
     def get_provider(self):
         """Get casted provider instance"""
         if not self.provider:
diff --git a/passbook/core/views/access.py b/passbook/core/views/access.py
index 254c651bf..293f2324e 100644
--- a/passbook/core/views/access.py
+++ b/passbook/core/views/access.py
@@ -5,6 +5,7 @@ from django.contrib import messages
 from django.utils.translation import gettext as _
 from passbook.core.models import Application
+from passbook.core.policies import PolicyEngine
 LOGGER = getLogger(__name__)
@@ -28,4 +29,6 @@ class AccessMixin:
     def user_has_access(self, application, user):
         """Check if user has access to application."""
         LOGGER.debug("Checking permissions of %s on application %s...", user, application)
-        return application.user_is_authorized(user)
+        policy_engine = PolicyEngine(application.policies.all())
+        policy_engine.for_user(user).with_request(self.request).build()
+        return policy_engine.result
diff --git a/passbook/oauth_provider/views/oauth2.py b/passbook/oauth_provider/views/oauth2.py
index 33b3c2b02..c7d7d6f21 100644
--- a/passbook/oauth_provider/views/oauth2.py
+++ b/passbook/oauth_provider/views/oauth2.py
@@ -2,6 +2,7 @@ from logging import getLogger
 from urllib.parse import urlencode
+from django.contrib import messages
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.shortcuts import get_object_or_404, redirect, reverse
 from django.utils.translation import ugettext as _
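Review bot: `user_has_access` now returns `policy_engine.result`, which the oauth2 hunk in this same commit unpacks into two values, yet the docstring still reads like a boolean check and the `-> bool` annotation of the removed `user_is_authorized` was not replaced with anything describing the new shape. Any caller not updated in this commit that still writes `if not self.user_has_access(...)` would be testing a non-empty tuple, which is always truthy, so it would grant access unconditionally — grep for remaining callers before merging. Spell the contract out in the docstring, e.g. `"""Check if user has access to application. Returns the policy engine result as (passing, messages)."""`. The method also now reads `self.request`, which only exists once the mixin is composed into a Django view that has gone through `setup()`/`dispatch`; presumably that holds for every user of `AccessMixin`, but it is a new implicit dependency worth a comment.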
@@ -49,7 +50,10 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
            provider.save()
         self._application = application
         # Check permissions
-        if not self.user_has_access(self._application, request.user):
+        passing, policy_meaages = self.user_has_access(self._application, request.user)
+        if not passing:
+            for policy_meaage in policy_meaages:
+                messages.error(request, policy_meaage)
             return redirect('passbook_oauth_provider:oauth2-permission-denied')
         actual_response = super().dispatch(request, *args, **kwargs)
         if actual_response.status_code == 400:
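Review bot: The new names `policy_meaages` and `policy_meaage` are misspelled on the added lines; rename them before the pattern is copied into other providers: `passing, policy_messages = self.user_has_access(self._application, request.user)`, `for policy_message in policy_messages:`, `messages.error(request, policy_message)`. Separately, whatever strings the policy engine returns are now rendered verbatim to the end user through the messages framework on the permission-denied page; if any policy can surface internal detail (expression text, backend exceptions), this is an information-disclosure path, so confirm the messages are intended to be user-facing or sanitize them here. `dispatch` starts and ends outside this hunk.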