diff --git a/lib/auth/oauth2/index.js b/lib/auth/oauth2/index.js
index fdb035bb..f223a159 100644
--- a/lib/auth/oauth2/index.js
+++ b/lib/auth/oauth2/index.js
@@ -15,7 +15,8 @@ passport.use(new OAuth2CustomStrategy({
   clientID: config.oauth2.clientID,
   clientSecret: config.oauth2.clientSecret,
   callbackURL: config.serverURL + '/auth/oauth2/callback',
-  userProfileURL: config.oauth2.userProfileURL
+  userProfileURL: config.oauth2.userProfileURL,
+  scope: config.oauth2.scope
 }, passportGeneralCallback))
 
 oauth2Auth.get('/auth/oauth2', function (req, res, next) {
diff --git a/lib/config/default.js b/lib/config/default.js
index 65f29b36..12324680 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -98,7 +98,8 @@ module.exports = {
     userProfileURL: undefined,
     userProfileUsernameAttr: 'username',
     userProfileDisplayNameAttr: 'displayName',
-    userProfileEmailAttr: 'email'
+    userProfileEmailAttr: 'email',
+    scope: 'email'
   },
   facebook: {
     clientID: undefined,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 8426d82f..e46c58f1 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -88,14 +88,15 @@ module.exports = {
   oauth2: {
     providerName: process.env.CMD_OAUTH2_PROVIDERNAME,
     baseURL: process.env.CMD_OAUTH2_BASEURL,
+    clientID: process.env.CMD_OAUTH2_CLIENT_ID,
+    clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET,
+    authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL,
+    tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
     userProfileURL: process.env.CMD_OAUTH2_USER_PROFILE_URL,
+    scope: process.env.CMD_OAUTH2_SCOPE,
     userProfileUsernameAttr: process.env.CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR,
     userProfileDisplayNameAttr: process.env.CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR,
-    userProfileEmailAttr: process.env.CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR,
-    tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
-    authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL,
-    clientID: process.env.CMD_OAUTH2_CLIENT_ID,
-    clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET
+    userProfileEmailAttr: process.env.CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
   },
   dropbox: {
     clientID: process.env.CMD_DROPBOX_CLIENTID,