feat: add config variable to specify the requested OIDC sopes

backend/prisma/seed/config.seed.ts

@@ -288,6 +288,10 @@ const configVariables: ConfigVariables = {
       type: "boolean",
       defaultValue: "false",
     },
+    "oidc-scope": {
+      type: "string",
+      defaultValue: "openid email profile",
+    },
     "oidc-usernameClaim": {
       type: "string",
       defaultValue: "",

backend/src/oauth/provider/genericOidc.provider.ts

@@ -70,7 +70,7 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
       new URLSearchParams({
         client_id: this.config.get(`oauth.${this.name}-clientId`),
         response_type: "code",
-        scope: "openid profile email",
+        scope: this.config.get(`oauth.${this.name}-scope`),
         redirect_uri: this.getRedirectUri(),
         state,
         nonce,

frontend/src/i18n/translations/en-US.ts

@@ -566,6 +566,9 @@ export default {
   "admin.config.oauth.oidc-sign-out": "Sign out from OpenID Connect",
   "admin.config.oauth.oidc-sign-out.description":
     "Whether the “Sign out” button will sign out from the OpenID Connect provider",
+  "admin.config.oauth.oidc-scope": "OpenID Connect scope",
+  "admin.config.oauth.oidc-scope.description":
+    "Scopes which should be requested from the OpenID Connect provider.",
   "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
   "admin.config.oauth.oidc-username-claim.description":
     "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",