diff --git a/httpd/oidc.go b/httpd/oidc.go
index 62cf5264..9be4c2ef 100644
--- a/httpd/oidc.go
+++ b/httpd/oidc.go
@@ -137,7 +137,7 @@ func (o *OIDC) initialize() error {
 		ClientSecret: o.ClientSecret,
 		Endpoint: o.provider.Endpoint(),
 		RedirectURL: o.getRedirectURL(),
-		Scopes: []string{oidc.ScopeOpenID},
+		Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
 	}
 
 	return nil
@@ -175,8 +175,17 @@ type oidcToken struct {
 }
 
 func (t *oidcToken) parseClaims(claims map[string]interface{}, usernameField, roleField string) error {
+	getClaimsFields := func() []string {
+		keys := make([]string, 0, len(claims))
+		for k := range claims {
+			keys = append(keys, k)
+		}
+		return keys
+	}
+
 	username, ok := claims[usernameField].(string)
 	if !ok || username == "" {
+		logger.Warn(logSender, "", "username field %#v not found, claims fields: %+v", usernameField, getClaimsFields())
 		return errors.New("no username field")
 	}
 	t.Username = username
diff --git a/httpd/oidc_test.go b/httpd/oidc_test.go
index 4d38f08a..fded7f75 100644
--- a/httpd/oidc_test.go
+++ b/httpd/oidc_test.go
@@ -261,7 +261,7 @@ func TestOIDCLoginLogout(t *testing.T) {
 		Nonce: authReq.Nonce,
 		Expiry: time.Now().Add(5 * time.Minute),
 	}
-	setIDTokenClaims(idToken, []byte(`{}`))
+	setIDTokenClaims(idToken, []byte(`{"aud": "my_client_id"}`))
 	server.binding.OIDC.verifier = &mockOIDCVerifier{
 		err: nil,
 		token: idToken,
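Review bot: The two new scope strings on the `Scopes` line are undocumented, and a reader of `initialize` cannot tell why `profile` and `email` are now requested alongside `oidc.ScopeOpenID`. If, as seems likely, they are needed so that the claims later read by `parseClaims` through `usernameField` and `roleField` are present in the ID token, a short comment would record that dependency: `// profile and email are requested so the claims configured as username/role fields are included in the ID token.` Requesting broader scopes also means the provider returns more user attributes than before, so the reason is worth capturing for anyone narrowing the scope set later. The enclosing `initialize` body starts before the hunk.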
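Review bot: The key list produced by `getClaimsFields` comes from a map iteration, so the new `logger.Warn` line prints the claim names in a different order on every failure and is hard to grep or compare across log entries; adding `sort.Strings(keys)` before `return keys` fixes that (check that `sort` is imported in this file). The keys are also echoed with `%+v`, which writes them raw; since they originate from the provider's token rather than local configuration, `%q` would keep any unusual characters quoted inside the single log line. Defining the closure on every call, including the success path, is harmless but unusual — it could be a small method, or built only inside the failure branch where it is used. `parseClaims` continues past the end of the hunk, so the `roleField` handling that presumably follows may want the same diagnostic.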