diff --git a/app/controllers/redmine_oauth_controller.rb b/app/controllers/redmine_oauth_controller.rb
index 757225f..556cfb3 100644
--- a/app/controllers/redmine_oauth_controller.rb
+++ b/app/controllers/redmine_oauth_controller.rb
@@ -8,7 +8,7 @@ class RedmineOauthController < AccountController
   def oauth_a2
     if Setting.plugin_redmine_oauth2_a2[:oauth_authentification]
       session[:back_url] = params[:back_url]
-      redirect_to oauth_client.auth_code.authorize_url(:redirect_uri => oauth_a2_callback_url, :scope => 'read')
+      redirect_to oauth_client.auth_code.authorize_url(:redirect_uri => oauth_a2_callback_url, :scope => 'read write')
     else
       password_authentication
     end
@@ -20,7 +20,7 @@ class RedmineOauthController < AccountController
       redirect_to signin_path
     else
       token = oauth_client.auth_code.get_token(params[:code], :redirect_uri => oauth_a2_callback_url)
-      result = token.get(Setting.plugin_redmine_oauth_a2[:a2_server_url] + '/idp/oauth2/user-info/')
+      result = token.get(Setting.plugin_redmine_oauth2_a2[:a2_server_url] + '/idp/oauth2/user-info/')
       info = JSON.parse(result.body)
       if info && info["verified_email"]
         if allowed_domain_for?(info["email"])