diff --git a/authenticator/client/oidcClient.go b/authenticator/client/oidcClient.go
index 551dec305..9c37b5026 100644
--- a/authenticator/client/oidcClient.go
+++ b/authenticator/client/oidcClient.go
@@ -41,19 +41,42 @@ func GetSettings(conf *DexConfig) (*oidc.Settings, error) {
 	if err != nil {
 		return nil, err
 	}
+
 	settings := &oidc.Settings{
 		URL: conf.Url,
 		OIDCConfig: oidc.OIDCConfig{CLIClientID: conf.DexClientID,
 			ClientSecret:    conf.DexClientSecret,
 			Issuer:          proxyUrl,
 			ServerSecret:    conf.ServerSecret,
-			RequestedScopes: conf.DexScopes,
+			RequestedScopes: conf.GetDexScopes(),
 		},
 		UserSessionDuration: time.Duration(conf.UserSessionDurationSeconds) * time.Second,
 		AdminPasswordMtime:  conf.AdminPasswordMtime,
 	}
 	return settings, nil
 }
+func (conf *DexConfig) GetDexScopes() []string {
+	// passing empty array to get default scopes
+	defaultScopes := oidc.GetScopesOrDefault([]string{})
+	additionalScopes := conf.DexScopes
+
+	occurrenceMap := make(map[string]bool)
+	finalScopes := make([]string, 0, len(defaultScopes)+len(additionalScopes))
+
+	// first add all the default
+	for _, scope := range defaultScopes {
+		occurrenceMap[scope] = true
+		finalScopes = append(finalScopes, scope)
+	}
+	// append extra configs
+	for _, scope := range additionalScopes {
+		if _, exists := occurrenceMap[scope]; !exists {
+			occurrenceMap[scope] = true
+			finalScopes = append(finalScopes, scope)
+		}
+	}
+	return finalScopes
+}
 func getOidcClient(dexServerAddress string, settings *oidc.Settings, userVerifier oidc.UserVerifier, RedirectUrlSanitiser oidc.RedirectUrlSanitiser) (*oidc.ClientApp, func(writer http.ResponseWriter, request *http.Request), error) {
 	dexClient := &http.Client{
 		Transport: &http.Transport{