diff --git a/server/env/env.go b/server/env/env.go
index 7a28921..d96148c 100644
--- a/server/env/env.go
+++ b/server/env/env.go
@@ -218,23 +218,26 @@ func InitEnv() {
 		constants.DISABLE_MAGIC_LINK_LOGIN = true
 	}
 
-	rolesSplit := strings.Split(os.Getenv("ROLES"), ",")
+	rolesEnv := strings.TrimSpace(os.Getenv("ROLES"))
+	rolesSplit := strings.Split(rolesEnv, ",")
 	roles := []string{}
-	if len(rolesSplit) == 0 {
+	if len(rolesEnv) == 0 {
 		roles = []string{"user"}
 	}
 
-	defaultRoleSplit := strings.Split(os.Getenv("DEFAULT_ROLES"), ",")
+	defaultRolesEnv := strings.TrimSpace(os.Getenv("DEFAULT_ROLES"))
+	defaultRoleSplit := strings.Split(defaultRolesEnv, ",")
 	defaultRoles := []string{}
 
-	if len(defaultRoleSplit) == 0 {
+	if len(defaultRolesEnv) == 0 {
 		defaultRoles = []string{"user"}
 	}
 
-	protectedRolesSplit := strings.Split(os.Getenv("PROTECTED_ROLES"), ",")
+	protectedRolesEnv := strings.TrimSpace(os.Getenv("PROTECTED_ROLES"))
+	protectedRolesSplit := strings.Split(protectedRolesEnv, ",")
 	protectedRoles := []string{}
 
-	if len(protectedRolesSplit) > 0 {
+	if len(protectedRolesEnv) > 0 {
 		for _, val := range protectedRolesSplit {
 			trimVal := strings.TrimSpace(val)
 			protectedRoles = append(protectedRoles, trimVal)
diff --git a/server/resolvers/signup.go b/server/resolvers/signup.go
index 46e057f..aa9a241 100644
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@@ -35,19 +35,6 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 		return res, fmt.Errorf(`invalid email address`)
 	}
 
-	inputRoles := []string{}
-
-	if len(params.Roles) > 0 {
-		// check if roles exists
-		if !utils.IsValidRoles(constants.ROLES, params.Roles) {
-			return res, fmt.Errorf(`invalid roles`)
-		} else {
-			inputRoles = params.Roles
-		}
-	} else {
-		inputRoles = constants.DEFAULT_ROLES
-	}
-
 	// find user with email
 	existingUser, err := db.Mgr.GetUserByEmail(params.Email)
 	if err != nil {
@@ -61,6 +48,19 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 		return res, fmt.Errorf("%s has already signed up. please complete the email verification process or reset the password", params.Email)
 	}
 
+	inputRoles := []string{}
+
+	if len(params.Roles) > 0 {
+		// check if roles exists
+		if !utils.IsValidRoles(constants.ROLES, params.Roles) {
+			return res, fmt.Errorf(`invalid roles`)
+		} else {
+			inputRoles = params.Roles
+		}
+	} else {
+		inputRoles = constants.DEFAULT_ROLES
+	}
+
 	user := db.User{
 		Email: params.Email,
 	}