diff --git a/docs/configuration-config-file.md b/docs/configuration-config-file.md index 5134af7f4..9276e2c43 100644 --- a/docs/configuration-config-file.md +++ b/docs/configuration-config-file.md @@ -152,7 +152,7 @@ these are rarely used for various reasons. | variables | example values | description | | --------- | ------ | ----------- | -| `oauth2` | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details!| +| `oauth2` | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ..., scope: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details!| ### SAML Login diff --git a/docs/configuration-env-vars.md b/docs/configuration-env-vars.md index d203c80b4..fe971d127 100644 --- a/docs/configuration-env-vars.md +++ b/docs/configuration-env-vars.md 
@@ -175,6 +175,7 @@ defaultNotePath can't be set from env-vars | `CMD_OAUTH2_AUTHORIZATION_URL` | `https://example.com` | authorization URL of your provider, please refer to the documentation of your OAuth2 provider (no default value) | | `CMD_OAUTH2_CLIENT_ID` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) | | `CMD_OAUTH2_CLIENT_SECRET` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) | +| `CMD_OAUTH2_SCOPE` | `openid email profile` | The requested OAuth2/OIDC scopes, which are privileges that CodiMD can exercise on behalf of the user. Default is `openid email profile`, in order to retrieve user email/profile information via the user profile URL. | | `CMD_OAUTH2_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the oAuth2 provider | diff --git a/lib/config/environment.js b/lib/config/environment.js index 219be4995..87a7e3eeb 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -92,7 +92,8 @@ module.exports = { tokenURL: process.env.CMD_OAUTH2_TOKEN_URL, authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL, clientID: process.env.CMD_OAUTH2_CLIENT_ID, - clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET + clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET, + scope: process.env.CMD_OAUTH2_SCOPE }, dropbox: { clientID: process.env.CMD_DROPBOX_CLIENTID, diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js index dcfda0bc1..d4ae77f06 100644 --- a/lib/config/hackmdEnvironment.js +++ b/lib/config/hackmdEnvironment.js 
@@ -81,7 +81,8 @@ module.exports = { tokenURL: process.env.HMD_OAUTH2_TOKEN_URL, authorizationURL: process.env.HMD_OAUTH2_AUTHORIZATION_URL, clientID: process.env.HMD_OAUTH2_CLIENT_ID, - clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET + clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET, + scope: process.env.HMD_OAUTH2_SCOPE }, dropbox: { clientID: process.env.HMD_DROPBOX_CLIENTID,
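Review bot: in docs/configuration-config-file.md, the `oauth2` row now lists `scope: ...` in the example value, but the description cell is unchanged and says nothing about what form the value takes or what happens when it is omitted. Suggest adding a short phrase consistent with the env-var row in this patch, for example that `scope` is a string such as `openid email profile`.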
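Review bot: in docs/configuration-env-vars.md, the new `CMD_OAUTH2_SCOPE` row states a default of `openid email profile`, but no hunk in this patch sets that default; lib/config/environment.js assigns `process.env.CMD_OAUTH2_SCOPE` directly, which is undefined when the variable is unset. Either add the default to this change or point the row at the place where it is applied. Since the row describes scopes as privileges exercised on behalf of the user, it would also help to tell operators to request only the scopes the user profile URL actually needs.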
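Review bot: in lib/config/environment.js, `scope: process.env.CMD_OAUTH2_SCOPE` is stored as read, and none of the hunks shown reads `oauth2.scope` back or passes it into the authorization request, so from this patch alone the setting does nothing. Please include the consumer in the same change, and decide there how an empty string is treated (unset versus an explicitly empty scope).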
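Review bot: in lib/config/hackmdEnvironment.js, `HMD_OAUTH2_SCOPE` is added, but the documentation hunk in this patch lists only `CMD_OAUTH2_SCOPE`. If the `HMD_` name is meant to be usable, mention it in the docs, and state which value applies when both variables are set, since both files populate the same `oauth2.scope` key.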