# talk-kratos
g
Hello, is there any way to handle a single OAuth2 provider requiring different scopes? For Outlook there's one scope for the profile (to get the email), then another to get the token for IMAP. Can I set up Ory Kratos to redirect to the profile OAuth2 endpoint with that scope, then after it's finished request the IMAP scope, which then also gets added to the user session? These two endpoints:
```go
import "golang.org/x/oauth2"

// OutlookOAuth2Config requests the IMAP access scope, plus offline_access
// so that a refresh token is issued.
var OutlookOAuth2Config = &oauth2.Config{
	ClientID:     "f1774b58a70e2",
	ClientSecret: "GJF7Q~Cc1RxOb",
	RedirectURL:  "http://localhost:1337/outlook/emails/callback",
	Scopes: []string{
		"offline_access",
		"https://outlook.office.com/User.Read",
		"https://outlook.office.com/IMAP.AccessAsUser.All",
	},
	Endpoint: oauth2.Endpoint{
		AuthURL:  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
		TokenURL: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
	},
}

// OutlookUserProfileOAuth2Config requests only the profile scope used to
// read the user's email address.
var OutlookUserProfileOAuth2Config = &oauth2.Config{
	ClientID:     "f1caa4544b58a70e2",
	ClientSecret: "GJF7Q~Cc1RxAq6~Ob",
	RedirectURL:  "http://localhost:1337/outlook/profile/callback",
	Scopes: []string{
		"User.Read",
		"https://graph.microsoft.com/User.Read",
	},
	Endpoint: oauth2.Endpoint{
		AuthURL:  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
		TokenURL: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
	},
}
```
I want to migrate to Ory Kratos since I'm doing the two endpoints myself now.
w
are you sure you want to post your client credentials in plain here?
you have just leaked your client id and client secret to the world, I'd suggest you rotate them now
g
@User I truncated the client ID and client secret, there's no problem.
👍 1
Also it's not being used in production.
👍 1