diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
index b3814546..8bb7ad86 100644
--- a/lib/Controller/LoginController.php
+++ b/lib/Controller/LoginController.php
@@ -263,7 +263,7 @@ public function login(int $providerId, string $redirectUrl = null) {
 		$data = [
 			'client_id' => $provider->getClientId(),
 			'response_type' => 'code',
-			'scope' => $provider->getScope(),
+			'scope' => trim($provider->getScope()),
 			'redirect_uri' => $this->urlGenerator->linkToRouteAbsolute(Application::APP_ID . '.login.code'),
 			'claims' => json_encode($claims),
 			'state' => $state,
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index 6db2a12c..4a366cb9 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -59,7 +59,7 @@ public function __construct(
 	}
 
 	public function createProvider(string $identifier, string $clientId, string $clientSecret, string $discoveryEndpoint,
-								   array $settings = [], string $scope = "openid email profile"): JSONResponse {
+								   array $settings = [], string $scope = 'openid email profile'): JSONResponse {
 		if ($this->providerService->getProviderByIdentifier($identifier) !== null) {
 			return new JSONResponse(['message' => 'Provider with the given identifier already exists'], Http::STATUS_CONFLICT);
 		}
@@ -78,7 +78,7 @@ public function createProvider(string $identifier, string $clientId, string $cli
 	}
 
 	public function updateProvider(int $providerId, string $identifier, string $clientId, string $discoveryEndpoint, string $clientSecret = null,
-								   array $settings = [], string $scope = "openid email profile"): JSONResponse {
+								   array $settings = [], string $scope = 'openid email profile'): JSONResponse {
 		$provider = $this->providerMapper->getProvider($providerId);
 
 		if ($this->providerService->getProviderByIdentifier($identifier) === null) {
diff --git a/lib/Db/Provider.php b/lib/Db/Provider.php
index c4169919..2636ac95 100644
--- a/lib/Db/Provider.php
+++ b/lib/Db/Provider.php
@@ -36,7 +36,6 @@
  * @method void setClientSecret(string $clientSecret)
  * @method string getDiscoveryEndpoint()
  * @method void setDiscoveryEndpoint(string $discoveryEndpoint)
- * @method string getScope()
  * @method void setScope(string $scope)
  */
 class Provider extends Entity implements \JsonSerializable {
@@ -56,6 +55,13 @@ class Provider extends Entity implements \JsonSerializable {
 	/** @var string */
 	protected $scope;
 
+	/**
+	 * @return string
+	 */
+	public function getScope(): string {
+		return $this->scope ?: ' ';
+	}
+
 	#[\ReturnTypeWillChange]
 	public function jsonSerialize() {
 		return [
@@ -63,7 +69,7 @@ public function jsonSerialize() {
 			'identifier' => $this->identifier,
 			'clientId' => $this->clientId,
 			'discoveryEndpoint' => $this->discoveryEndpoint,
-			'scope' => $this->scope,
+			'scope' => trim($this->getScope()),
 		];
 	}
 }