diff --git a/src/fts3rest/fts3rest/lib/oauth2provider.py b/src/fts3rest/fts3rest/lib/oauth2provider.py
index 9e3dd1a6f9c02d5941edeba88bccb34b6b1429d0..f4fc999702e2dfd53993bae5f79cdd57620e0687 100644
--- a/src/fts3rest/fts3rest/lib/oauth2provider.py
+++ b/src/fts3rest/fts3rest/lib/oauth2provider.py
@@ -220,10 +220,13 @@ class FTS3OAuth2ResourceProvider(ResourceProvider):
             try:
                 if 'wlcg' in credential['iss']:
                     # Hardcoded scope and audience for wlcg tokens. To change once the wlcg standard evolves
-                    scope = 'offline_access openid storage.read:/ storage.modify:/'
+                    scope = 'offline_access openid storage.read:/ storage.modify:/ wlcg.groups'
                     audience = 'https://wlcg.cern.ch/jwt/v1/any'
                     access_token, refresh_token = oidc_manager.generate_token_with_scope(credential['iss'],
-                                                                                         access_token, scope, audience)
+                                                                                         access_token,
+                                                                                         scope,
+                                                                                         audience,
+                                                                                         )
                 else:
                     refresh_token = oidc_manager.generate_refresh_token(credential['iss'], access_token)
             except Exception: