diff --git a/packages/core/src/oidc/init.ts b/packages/core/src/oidc/init.ts
index fc744249d..d0145c8f5 100644
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@@ -36,11 +36,15 @@ export default async function initOidc(app: Koa): Promise {
 keys,
 },
 features: {
+ userinfo: { enabled: true },
 revocation: { enabled: true },
 introspection: { enabled: true },
 devInteractions: { enabled: false },
 resourceIndicators: {
 enabled: true,
+ // Disable the auto use of authorization_code granted resource feature
+ // https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#usegrantedresource
+ useGrantedResource: () => false,
 getResourceServerInfo: async (ctx, indicator) => {
 const resourceServer = await findResourceByIdentifier(indicator);
diff --git a/packages/core/src/routes/session.ts b/packages/core/src/routes/session.ts
index c8059f8c6..45b027ce7 100644
--- a/packages/core/src/routes/session.ts
+++ b/packages/core/src/routes/session.ts
@@ -76,18 +76,6 @@ export default function sessionRoutes(router: T, prov
 const { session, grantId, params, prompt } = interaction;
 assertThat(session, 'session.not_found');
- const { scope } = object({
- scope: string().optional(),
- }).parse(params);
-
- // LOG-49: Connect and check scope with resource indicators
- const scopes = scope?.split(' ') ?? [];
- const invalidScopes = scopes.filter((scope) => !['openid', 'offline_access'].includes(scope));
- assertThat(invalidScopes.length === 0, 'oidc.invalid_scope', {
- count: invalidScopes.length,
- scopes: invalidScopes.join(', '),
- });
-
 const { accountId } = session;
 const grant = conditional(grantId && (await provider.Grant.find(grantId))) ??
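Review bot: The comment above `useGrantedResource: () => false` links to the option but does not say what the setting does for this deployment, which is the security-relevant part; if I read the linked option correctly, returning false means a token request that omits the `resource` parameter is not silently served with the resource granted at authorization time, so the access token audience stays whatever the client explicitly asked for. Suggest replacing the first comment line with `// Never fall back to the resource granted at authorization time when a token request omits \`resource\`; the client must name its audience explicitly` and keeping the link. The added `userinfo: { enabled: true }` appears to restate the library default; if so, a short comment saying it is spelled out on purpose would save the next reader a lookup. The `features` object, and `initOidc` itself, continue past the end of the hunk.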
@@ -96,13 +84,20 @@ export default function sessionRoutes(router: T, prov
 // V2: fulfill missing claims / resources
 const PromptDetailsBody = object({
 missingOIDCScope: string().array().optional(),
+ missingResourceScopes: object({}).catchall(string().array()).optional(),
 });
- const { missingOIDCScope } = PromptDetailsBody.parse(prompt.details);
+ const { missingOIDCScope, missingResourceScopes } = PromptDetailsBody.parse(prompt.details);
 if (missingOIDCScope) {
 grant.addOIDCScope(missingOIDCScope.join(' '));
 }
+ if (missingResourceScopes) {
+ for (const [indicator, scope] of Object.entries(missingResourceScopes)) {
+ grant.addResourceScope(indicator, scope.join(' '));
+ }
+ }
+
 const finalGrantId = await grant.save();
 // V2: configure consent
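Review bot: The new loop adds every entry of `missingResourceScopes` to the grant with no check of its own, extending the existing unconditional `addOIDCScope` auto-consent to resource scopes; as far as this hunk shows, `prompt.details` is produced by the provider's consent prompt rather than taken from the request, which would mean the indicators and scopes were already filtered through `getResourceServerInfo`, but that is not visible here and deserves to be recorded. Suggest a comment above `if (missingResourceScopes)` such as `// NOTE(review): confirm prompt.details is built by the provider from registered resource servers, not from client input; scopes listed here are granted without a consent step`. `object({}).catchall(string().array())` reads as a workaround for a record type; if `record` is imported from zod, `missingResourceScopes: record(string().array()).optional()` expresses the same shape more directly. The enclosing route handler starts before the hunk and continues past it.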