diff --git a/charts/istio-authorizer/templates/configmap.yaml b/charts/istio-authorizer/templates/configmap.yaml
index de2f4c29..23301b18 100644
--- a/charts/istio-authorizer/templates/configmap.yaml
+++ b/charts/istio-authorizer/templates/configmap.yaml
@@ -41,6 +41,7 @@ data:
           original_token: {{ .tokenExchange.inject.headers.originalToken }}
           exchanged_token: {{ .tokenExchange.inject.headers.exchangedToken }}
           strip_bearer: {{ .tokenExchange.inject.headers.stripBearer }}
+      request_scopes: {{ .tokenExchange.requestScopes }}
     {{- end }}
   extraconfig.yaml: |
     {{- with .Values.extraConfig }}
diff --git a/charts/istio-authorizer/values.yaml b/charts/istio-authorizer/values.yaml
index 86fbba7c..124a6ec1 100644
--- a/charts/istio-authorizer/values.yaml
+++ b/charts/istio-authorizer/values.yaml
@@ -262,6 +262,10 @@ tokenExchange:
       ##
       stripBearer: false
 
+  # Describes what scopes should be requested for a new token
+  # One of: client | original_token
+  requestScopes: "original_token"
+
 ## ACP http client configuration
 ##
 # httpClient: