Hey Nell it's a good question and fair observation. The consent screen language could definitely be clearer. I do want to explain why those scopes exist, because the underlying architecture is actually sound. What you're looking at is the OpenInfra Foundation's OpenID Connect identity provider. It's not just the login for one thing — it's the single identity layer that powers everything in the OpenInfra ecosystem. That same login handles: Foundation membership and governance — which is what you're doing (elections, voting eligibility, candidate nominations) Event infrastructure — registration, schedules, speaker submissions via the CFP, shareable schedules for summits and PTGs Project and foundation websites — OpenStack, StarlingX, Kata Containers, the OpenInfra site itself Speaker and sponsor management — profile data, organization affiliations So when you see scopes like "nominate candidates" and "write candidate profile," those are the election and governance functions you'd expect. The schedule and speaker profile scopes are there because the same identity carries across into summit participation. The organization read/write handles your company affiliation for membership and voting eligibility purposes. The reason the consent screen feels excessive is that it's presenting the full capability set of the platform upfront — foundation governance, event ops, community participation — even though you may only be here to manage your membership and vote. Incremental consent (requesting scopes only when you actually use a feature) may seem like a better UX pattern up front, but as you navigated the site if you decided to do other things you'd have to incrementally grant consent which would be more complicated to code and potentially create friction in the end experience. At the end of the day, what you're seeing is transparency, not overreach. Most platforms access equivalent data without itemizing it. The auth flow itself is PKCE-based and standards-compliant per RFC 7636: https://datatracker.ietf.org/doc/html/rfc7636 And importantly — all of this is open source. The IDP, the API, and the foundation website are all available for full audit, and PRs are welcome if anyone feels inclined to suggest an improvement for the consent experience: IDP: https://github.com/OpenStackweb/openstackid Summit API: https://github.com/OpenStackweb/summit-api Foundation Website: https://github.com/OpenStackweb/osf-website Thanks for paying attention and bringing this up :). I hope this was a helpful explanation.