diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectClientConfiguration.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectClientConfiguration.cs
index a8c5619..744f322 100644
--- a/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectClientConfiguration.cs
+++ b/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectClientConfiguration.cs
@@ -1,6 +1,7 @@ // Copyright (c) Brock Allen & Dominick Baier. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. +using System.Collections.Generic; using System.Net.Http; namespace Duende.AccessTokenManagement.OpenIdConnect;
@@ -44,4 +45,9 @@ public class OpenIdConnectClientConfiguration /// The scheme name of the OIDC handler /// public string? Scheme { get; set; } + + /// + /// Gets the list of permissions to request. + /// + public ICollection Scope { get; set; } = new HashSet(); } \ No newline at end of file
diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectConfigurationService.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectConfigurationService.cs
index 137dffc..6bc5497 100644
--- a/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectConfigurationService.cs
+++ b/src/Duende.AccessTokenManagement.OpenIdConnect/OpenIdConnectConfigurationService.cs
@@ -78,6 +78,8 @@ public async Task GetOpenIdConnectConfiguratio ClientId = options.ClientId, ClientSecret = options.ClientSecret, HttpClient = options.Backchannel, + + Scope = options.Scope }; } } \ No newline at end of file
diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/UserTokenEndpointService.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/UserTokenEndpointService.cs
index f0173b4..eb207f7 100755
--- a/src/Duende.AccessTokenManagement.OpenIdConnect/UserTokenEndpointService.cs
+++ b/src/Duende.AccessTokenManagement.OpenIdConnect/UserTokenEndpointService.cs
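Review bot: The doc comment on the new `Scope` property (OpenIdConnectClientConfiguration.cs, hunk at -44,4) does not say where the value is used. The UserTokenEndpointService.cs hunk of this commit joins it into the refresh request, so it is more than "permissions to request" at sign-in, and since the property has a setter "Gets" is inaccurate. I would document it as `/// Scopes sent as the scope parameter when refreshing the user's access token; must be a subset of the scopes originally granted.`, the subset rule being the one in RFC 6749 section 6.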
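Review bot: `Scope = options.Scope` (OpenIdConnectConfigurationService.cs, hunk at -78,6) hands out the OIDC handler's own collection instead of a copy, and the receiving property is a settable, mutable `ICollection`. If `options` is the shared handler options instance, which the hunk does not show, any code that adds to or clears the configuration's `Scope` would also change the scopes requested on later sign-ins. Copying at this boundary keeps the two apart: `Scope = new HashSet<string>(options.Scope)`, which needs `System.Collections.Generic` in scope in this file as well. The method body starts outside the hunk.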
@@ -64,7 +64,8 @@ public async Task RefreshAccessTokenAsync( ClientId = oidc.ClientId!, ClientSecret = oidc.ClientSecret, ClientCredentialStyle = _options.ClientCredentialStyle, - + Scope = string.Join(" ", oidc.Scope), + RefreshToken = refreshToken };
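Review bot: The refresh request in RefreshAccessTokenAsync now always carries the full configured scope list, `Scope = string.Join(" ", oidc.Scope)`, where before no scope was sent and the authorization server decided from the original grant. RFC 6749 section 6 requires a refresh `scope` to stay within what was originally granted, so a session issued with a different set (scopes added per challenge, consent partly declined, configuration changed since sign-in) may be answered with `invalid_scope` and stop refreshing. An empty collection also yields an empty string rather than no value. Consider sending the parameter only when there is something to send, `Scope = oidc.Scope.Count > 0 ? string.Join(" ", oidc.Scope) : null,` (assuming the request's `Scope` accepts null), and logging the token endpoint's error on failure so a scope mismatch is diagnosable. The method body starts and ends outside the hunk.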