diff --git a/config/config.go b/config/config.go
index faf73fb..cfb5999 100644
--- a/config/config.go
+++ b/config/config.go
@@ -108,6 +108,7 @@ type (
 		TokenEndpoint    string `ini:"token_endpoint"`
 		InspectEndpoint  string `ini:"inspect_endpoint"`
 		AuthEndpoint     string `ini:"auth_endpoint"`
+		Scope            string `ini:"scope"`
 		AllowDisconnect  bool   `ini:"allow_disconnect"`
 	}
 
diff --git a/oauth.go b/oauth.go
index e3f65ef..6cbddff 100644
--- a/oauth.go
+++ b/oauth.go
@@ -265,6 +265,7 @@ func configureGenericOauth(parentHandler *Handler, r *mux.Router, app *App) {
 			AuthLocation:     app.Config().GenericOauth.Host + app.Config().GenericOauth.AuthEndpoint,
 			HttpClient:       config.DefaultHTTPClient(),
 			CallbackLocation: callbackLocation,
+			Scope:            config.OrDefaultString(app.Config().GenericOauth.Scope, "read_user"),
 		}
 		configureOauthRoutes(parentHandler, r, app, oauthClient, callbackProxy)
 	}
diff --git a/oauth_generic.go b/oauth_generic.go
index ce65bca..cb82ad0 100644
--- a/oauth_generic.go
+++ b/oauth_generic.go
@@ -15,6 +15,7 @@ type genericOauthClient struct {
 	ExchangeLocation string
 	InspectLocation  string
 	CallbackLocation string
+	Scope            string
 	HttpClient       HttpClient
 }
 
@@ -46,7 +47,7 @@ func (c genericOauthClient) buildLoginURL(state string) (string, error) {
 	q.Set("redirect_uri", c.CallbackLocation)
 	q.Set("response_type", "code")
 	q.Set("state", state)
-	q.Set("scope", "read_user")
+	q.Set("scope", c.Scope)
 	u.RawQuery = q.Encode()
 	return u.String(), nil
 }
@@ -55,7 +56,7 @@ func (c genericOauthClient) exchangeOauthCode(ctx context.Context, code string)
 	form := url.Values{}
 	form.Add("grant_type", "authorization_code")
 	form.Add("redirect_uri", c.CallbackLocation)
-	form.Add("scope", "read_user")
+	form.Add("scope", c.Scope)
 	form.Add("code", code)
 	req, err := http.NewRequest("POST", c.ExchangeLocation, strings.NewReader(form.Encode()))
 	if err != nil {
@@ -110,5 +111,6 @@ func (c genericOauthClient) inspectOauthAccessToken(ctx context.Context, accessT
 	if inspectResponse.Error != "" {
 		return nil, errors.New(inspectResponse.Error)
 	}
+
 	return &inspectResponse, nil
 }