It would be good if the authenticator followed scope setting more strictly since the token could contain extra claims that we don't want. Scope settings in xwiki gives better control.
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6)
If image attachments aren't displayed, see this article.