diff --git a/packages/auth/src/middleware/passport/oidc.js b/packages/auth/src/middleware/passport/oidc.js
index 356d73c022..6b39a0b20e 100644
--- a/packages/auth/src/middleware/passport/oidc.js
+++ b/packages/auth/src/middleware/passport/oidc.js
@@ -110,8 +110,7 @@ exports.strategyFactory = async function (config, callbackUrl) {
         userInfoURL: body.userinfo_endpoint,
         clientID: clientId,
         clientSecret: clientSecret,
-        callbackURL: callbackUrl,
-        scope: "profile email",
+        callbackURL: callbackUrl
       },
       authenticate
     )
diff --git a/packages/worker/src/api/controllers/admin/auth.js b/packages/worker/src/api/controllers/admin/auth.js
index 417fdfdc26..b5c60c764c 100644
--- a/packages/worker/src/api/controllers/admin/auth.js
+++ b/packages/worker/src/api/controllers/admin/auth.js
@@ -153,6 +153,7 @@ exports.oidcPreAuth = async (ctx, next) => {
   const strategy = await oidcStrategyFactory(ctx)
 
   return passport.authenticate(strategy, {
+    // required 'openid' scope is added by oidc strategy factory
     scope: ["profile", "email"],
   })(ctx, next)
 }