Enforce that certain scopes are always set
We want every authentication request to include the "open_id" scope.
(Currently, "profile" is set if no other scope is provided. This can be removed.)
We want every authentication request to include the "open_id" scope.
(Currently, "profile" is set if no other scope is provided. This can be removed.)