diff --git a/.env.example b/.env.example
index 90bb8c00..a801b29b 100644
--- a/.env.example
+++ b/.env.example
@@ -14,6 +14,7 @@ NEXTAUTH_CLIENT_SECRET="KEYCLOAK_SECRET"
 NEXTAUTH_SECRET="NEXTAUTH_SECRET"
 NEXTAUTH_ISSUER="http://localhost:8085/realms/orchestrator"
 NEXTAUTH_WELL_KNOWN_OVERRIDE="http://localhost:8085/auth/.well-known/openid-configuration"
+NEXTATHU_AUTHORIZATION_SCOPE="openid profile"
 NEXTAUTH_URL=http://localhost:3000/api/auth
 # docker-compose variables
diff --git a/pages/api/auth/[...nextauth].ts b/pages/api/auth/[...nextauth].ts
index f405b6a9..e4e8976d 100644
--- a/pages/api/auth/[...nextauth].ts
+++ b/pages/api/auth/[...nextauth].ts
@@ -21,7 +21,11 @@ const wfoProvider: OAuthConfig = {
 wellKnown: process.env.NEXTAUTH_WELL_KNOWN_OVERRIDE ?? `${process.env.NEXTAUTH_ISSUER || ''}/.well-known/openid-configuration`,
- authorization: { params: { scope: 'openid profile' } },
+ authorization: {
+ params: {
+ scope: process.env.NEXTAUTH_AUTHORIZATION_SCOPE ?? 'openid profile',
+ },
+ },
 idToken: true,
 checks: ['pkce', 'state'],
 userinfo: {
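Review bot: The added variable is spelled `NEXTATHU_AUTHORIZATION_SCOPE`, but the `pages/api/auth/[...nextauth].ts` hunk of this same commit reads `process.env.NEXTAUTH_AUTHORIZATION_SCOPE`, so an environment file copied from this example sets a name the provider never looks at. The `??` fallback in that hunk then applies `openid profile` without any error, and an operator who meant to narrow or extend the requested scopes would not notice that the setting had no effect. The line should read `NEXTAUTH_AUTHORIZATION_SCOPE="openid profile"`.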
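Review bot: The `??` fallback on the new `scope:` line only covers an unset variable, so `NEXTAUTH_AUTHORIZATION_SCOPE=""` or a value that omits `openid` is passed to the identity provider as written, while the provider is configured with `idToken: true` two lines below and so presumably depends on an ID token being issued. Treating a blank value as unset, as the `wellKnown` line above already does for `NEXTAUTH_ISSUER` with `||`, would be `scope: process.env.NEXTAUTH_AUTHORIZATION_SCOPE?.trim() || 'openid profile',`. A comment such as `// must include "openid"; request only the scopes the app needs` would record the constraint, since anything listed here widens what the issued tokens may grant. The `wfoProvider` object starts and ends outside the hunk.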