diff --git a/config/config.default.php b/config/config.default.php
index b04688c7..ea1a3e98 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -88,6 +88,8 @@ return [
         'url_token' => '[generated by provider]',
         // User info URL which provides userdata
         'url_info' => '[generated by provider]',
+        // OAuth Scopes
+        // 'scope' => ['openid'],
         // Info unique user id field
         'id' => 'uuid',
         // The following fields are used for registration
diff --git a/src/Controllers/OAuthController.php b/src/Controllers/OAuthController.php
index fb9d7066..86a9744c 100644
--- a/src/Controllers/OAuthController.php
+++ b/src/Controllers/OAuthController.php
@@ -88,6 +88,7 @@ class OAuthController extends BaseController
     {
         $providerName = $request->getAttribute('provider');
         $provider = $this->getProvider($providerName);
+        $config = $this->config->get('oauth')[$providerName];
 
         // Handle OAuth error response according to https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1
         if ($request->has('error')) {
@@ -95,7 +96,13 @@ class OAuthController extends BaseController
         }
 
         if (!$request->has('code')) {
-            $authorizationUrl = $provider->getAuthorizationUrl();
+            $authorizationUrl = $provider->getAuthorizationUrl(
+                [
+                    // Leauge separates scopes by comma, which is wrong, so we do it
+                    // here properly by spaces. See https://www.rfc-editor.org/rfc/rfc6749#section-3.3
+                    'scope' => join(' ', $config['scope'] ?? [])
+                ]
+            );
             $this->session->set('oauth2_state', $provider->getState());
 
             return $this->redirector->to($authorizationUrl);
@@ -178,7 +185,6 @@ class OAuthController extends BaseController
             $this->addNotification('oauth.connected');
         }
 
-        $config = $this->config->get('oauth')[$providerName];
         $resourceData = $resourceOwner->toArray();
         if (!empty($config['nested_info'])) {
             $resourceData = Arr::dot($resourceData);
diff --git a/tests/Unit/Controllers/OAuthControllerTest.php b/tests/Unit/Controllers/OAuthControllerTest.php
index 3908e94d..9641fdff 100644
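Review bot: The hoisted `$config = $this->config->get('oauth')[$providerName];` now runs on every authorize request, and an unconfigured provider name yields `null` here, which the later `$config['scope'] ?? []` silently turns into an empty scope instead of an error. Unless `getProvider()` already rejects unknown providers (its body is not visible in this hunk), `$config = $this->config->get('oauth')[$providerName] ?? throw new \InvalidArgumentException('Unknown OAuth provider');` would fail loudly at the boundary. The enclosing method continues outside the hunk, where `$config` is still read for `nested_info`.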
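Review bot: In the `getAuthorizationUrl` hunk, `join(' ', $config['scope'] ?? [])` throws a TypeError if a deployment sets `scope` to a plain string such as `'openid email'` instead of the array the config example shows; normalising with `'scope' => implode(' ', (array) ($config['scope'] ?? []))` accepts both forms. If `getProvider()` builds a league `GenericProvider` (not visible here), the separator can instead be set once through its `scopeSeparator` option, which would make this pre-joining unnecessary and keep the scope list as an array. The comment also misspells the library name; `// League separates scopes by comma, which is wrong, so we do it` reads better. The enclosing method starts and ends outside this hunk.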
--- a/tests/Unit/Controllers/OAuthControllerTest.php
+++ b/tests/Unit/Controllers/OAuthControllerTest.php
@@ -76,6 +76,7 @@ class OAuthControllerTest extends TestCase
                 'first_name' => 'given-name',
                 'last_name' => 'last-name',
                 'url' => 'http://localhost/',
+                'scope' => ['foo', 'bar'],
             ],
         ];
 
@@ -197,6 +198,7 @@ class OAuthControllerTest extends TestCase
             $this->assertStringStartsWith('http://localhost/auth', $url);
             $this->assertStringContainsString('testsystem', $url);
             $this->assertStringContainsString('code', $url);
+            $this->assertStringContainsString('scope=foo%20bar', $url);
 
             return new Response();
         });
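Review bot: With `'scope' => ['foo', 'bar']` added to the shared fixture, every authorization test now exercises the configured-scope branch, and the `$config['scope'] ?? []` fallback for a provider without a `scope` key appears untested (the rest of the test class is outside these hunks). A second case that omits `scope` from the provider config and asserts what the resulting URL carries would pin that fallback, since that is the path every existing deployment hits after upgrading. The assertion closure this hunk sits in begins outside the hunk.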