update oidc scope

passport-openidconnect adds the 'openid' scope to the request, regardless of if its already there.
removed 'openid' scope
removed unused 'groups' scope

webserver.js

@@ -6902,7 +6902,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                 userInfoURL: domain.authstrategies.oidc.userinfourl,
                 clientID: domain.authstrategies.oidc.clientid,
                 clientSecret: domain.authstrategies.oidc.clientsecret,
-                scope: ['openid profile email groups'],
+                scope: ['profile email'],
             };
             var OIDCStrategy = require('passport-openidconnect');
             if (typeof domain.authstrategies.oidc.callbackurl == 'string') { options.callbackURL = domain.authstrategies.oidc.callbackurl; } else { options.callbackURL = url + 'oidc-callback'; }