SSO integration - Generic OIDC - Scopes

I’ve set up an alternative authentication method with Generic OIDC with the following config:

    "id": "uuid",
    "type": "oidc",
    "uid": "uuid",
    "name": "Authelia",
    "version": "41dd615755d4b719504be0791d8c7b83",
    "config": {
        "auth_url": "",
        "certs_url": "",
        "claims": [
        "client_id": "cloudflare-zero-trust",
        "client_secret": "**********************************",
        "pkce_enabled": true,
        "redirect_url": "",
        "scopes": [
        "token_url": ""
    "scim_config": {
        "enabled": false,
        "group_member_deprovision": false,
        "seat_deprovision": false,
        "secret": "**********************************",
        "user_deprovision": false

I’ve managed to set the scopes specifically to include ‘groups’ because I want to use the returned claims in the Access Policy Rules.

But I discovered that the request to my IdP doesn’t include the ‘groups’ scope when I hit the ‘Test’ button on the configuration page. It only returned the following data:

  "email": "[email protected]",
  "oidc_fields": {
    "preferred_username": "user1"
  "amr": [

If you guys have any workaround, please let me know or just post a link about the info.
Much appreciated!
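One way to confirm the symptom described above from the IdP side, as an added example that is not part of the original post: take the authorization request URL from the IdP's access log and compare the scopes it carries with the configured ones. The sample URL, host names and the scope list other than `groups` are constructed placeholders, and `audit_authorization_request` is a hypothetical helper name.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: an authorization request as it might appear in the IdP's
# access log. Host, path, redirect_uri and parameter values are placeholders.
SAMPLE_REQUEST = (
    "https://idp.example.test/api/oidc/authorization"
    "?client_id=cloudflare-zero-trust&response_type=code"
    "&redirect_uri=https%3A%2F%2Fteam.example.test%2Fcallback"
    "&scope=openid+email+profile"
    "&code_challenge=PLACEHOLDER&code_challenge_method=S256&state=PLACEHOLDER"
)

# Assumed configured scopes; the post only confirms that 'groups' is among them.
CONFIGURED_SCOPES = ["openid", "email", "profile", "groups"]


def audit_authorization_request(url, configured_scopes, pkce_expected=True):
    """Compare the scopes actually sent to the IdP with the configured ones."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # OIDC carries scope as a single space-delimited value; parse_qs has
    # already decoded '+' and %20, so split on whitespace.
    requested = []
    for value in params.get("scope", []):
        requested.extend(value.split())
    findings = {
        "requested": requested,
        "missing": [s for s in configured_scopes if s not in requested],
        "unexpected": [s for s in requested if s not in configured_scopes],
        # Without 'openid' the request is plain OAuth 2.0, not OIDC.
        "openid_present": "openid" in requested,
    }
    if pkce_expected:
        # The config has pkce_enabled: true, so a code_challenge should be sent.
        findings["pkce_present"] = bool(params.get("code_challenge", [""])[0])
    return findings


if __name__ == "__main__":
    for key, value in audit_authorization_request(
        SAMPLE_REQUEST, CONFIGURED_SCOPES
    ).items():
        print(f"{key}: {value}")
```

If `missing` lists `groups`, the scope was dropped before the request reached the IdP, so no IdP-side claims policy can put the claim into the response.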