diff --git a/pkg/remote/builtin/github/github.go b/pkg/remote/builtin/github/github.go
index b7fb1f82a..1f50bf135 100644
--- a/pkg/remote/builtin/github/github.go
+++ b/pkg/remote/builtin/github/github.go
@@ -231,6 +231,11 @@ func (g *GitHub) Hook(r *http.Request) (*common.Hook, error) {
 	}
 }
 
+// return default scope for GitHub
+func (g *GitHub) Scope() string {
+	return DefaultScope
+}
+
 // push parses a hook with event type `push` and returns
 // the commit data.
 func (g *GitHub) push(r *http.Request) (*common.Hook, error) {
diff --git a/pkg/remote/remote.go b/pkg/remote/remote.go
index a195f416d..8f95572ae 100644
--- a/pkg/remote/remote.go
+++ b/pkg/remote/remote.go
@@ -44,4 +44,7 @@ type Remote interface {
 	// Hook parses the post-commit hook from the Request body
 	// and returns the required data in a standard format.
 	Hook(r *http.Request) (*common.Hook, error)
+
+	// Default scope for remote
+	Scope() string
 }
diff --git a/pkg/server/login.go b/pkg/server/login.go
index 266f5ec60..5e73129e4 100644
--- a/pkg/server/login.go
+++ b/pkg/server/login.go
@@ -134,10 +134,14 @@ func getLoginOauth2(c *gin.Context) {
 	var settings = ToSettings(c)
 	var remote = ToRemote(c)
 
+	var scope = strings.Join(settings.Auth.Scope, ",")
+	if scope == "" {
+		scope = remote.Scope()
+	}
 	var config = &oauth2.Config{
 		ClientId:     settings.Auth.Client,
 		ClientSecret: settings.Auth.Secret,
-		Scope:        strings.Join(settings.Auth.Scope, ","),
+		Scope:        scope,
 		AuthURL:      settings.Auth.Authorize,
 		TokenURL:     settings.Auth.AccessToken,
 		RedirectURL:  fmt.Sprintf("%s/authorize", httputil.GetURL(c.Request)),