The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., 'openid profile email').