Requesting additional scopes for 3LO App / "Log in with Atlassian"

Hi we’re facing an issue with our 3LO App.

We have two use cases:

  1. login the user - only the user:me scope is required for that
  2. request additional rights e.g. to create issues/pages

However it seems that when the user logs out and in again, and on login we only request the user:me scope, ALL PREVIOUS SCOPES are removed. Since we cannot know if a user only want’s to login or he/she wants to give additional rights, this means that the user must grant all scopes on every login.

Is this the expected behaviour? How can we realise a “Login with Atlassian” with minimal scopes (which does not remove any previously granted permissions/scopes)?

Anybody an idea? @sluthra @nmansilla @AngelinaIgnatova