diff --git a/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java b/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
index 7e2d82d..410a4ef 100644
--- a/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
+++ b/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
@@ -17,10 +17,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
+import java.util.*;
 
 @Configuration
 @EnableWebSecurity
@@ -115,7 +112,7 @@ public class AaiSecurityConfiguration extends WebSecurityConfigurerAdapter {
         RegisteredClient registeredClient = new RegisteredClient();
         registeredClient.setClientId(oidcId);
         registeredClient.setClientSecret(oidcSecret);
-        registeredClient.setScope(new HashSet<>(Collections.singletonList("openid")));
+        registeredClient.setScope(new HashSet<>(Arrays.asList("openid","eduperson_entitlement","profile", "email")));
         registeredClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
         registeredClient.setRedirectUris(new HashSet<>(Collections.singletonList(oidcDevHome)));
         return registeredClient;