diff --git a/conf/frpc_full.ini b/conf/frpc_full.ini
index 01c04043..6605ee2b 100644
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@@ -51,6 +51,11 @@ oidc_audience =
 # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
 oidc_token_endpoint_url =
+# oidc_additional_endpoint_params specifies additional parameters to be sent to the OIDC Token Endpoint.
+# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
+# If it's not empty, it should be a json string, like {"audience": ["https://dev.auth.com/api/v2/"]}
+oidc_additional_endpoint_params = {"audience": ["https://dev.auth.com/api/v2/"], "scope": ["openid", "profile", "email"]}
+
 # set admin address for control frpc's action by http api such as reload
 admin_addr = 127.0.0.1
 admin_port = 7400
diff --git a/pkg/auth/oidc.go b/pkg/auth/oidc.go
index 981f7589..adbbee30 100644
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -16,6 +16,7 @@ package auth
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"github.com/fatedier/frp/pkg/msg"
@@ -40,6 +41,10 @@ type OidcClientConfig struct {
 	// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
 	// By default, this value is "".
 	OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
+
+	// OidcAdditionalEndpointParams specifies additional parameters to be sent
+	// this field will be Unmarshal to map[string][]string
+	OidcAdditionalEndpointParams string `ini:"oidc_additional_endpoint_params" json:"oidc_additional_endpoint_params"`
 }
 func getDefaultOidcClientConf() OidcClientConfig {
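Review bot: The new `oidc_additional_endpoint_params` line in this hunk ships frpc_full.ini with a live value, `{"audience": ["https://dev.auth.com/api/v2/"], "scope": ["openid", "profile", "email"]}`, even though the comment right above it says the default is "" and the neighbouring `oidc_token_endpoint_url =` is left blank; anyone who builds a config from the full template will send that audience and those scopes to their own IdP's token endpoint without having chosen them. Keep the example in the comment and leave the key empty: `oidc_additional_endpoint_params =`. Separately, the `scope` entry in the example is suspect: the client-credentials config in the later hunk already fills `Scopes` from `oidc_audience`, and as far as I recall the oauth2 library rejects EndpointParams keys that collide with the ones it sets itself (`scope`, `grant_type`) when the token is fetched, so the example as written may fail at runtime. Worth a quick check, and if confirmed, a comment here warning not to pass `scope` or `grant_type` through this setting.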
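Review bot: The doc comment on the new `OidcAdditionalEndpointParams` field is cut off mid-sentence ("specifies additional parameters to be sent") and, unlike the sibling fields in this struct, states neither the expected format nor the default. I'd replace the two comment lines with `// OidcAdditionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.` / `// It is a JSON object mapping parameter names to lists of values, e.g. {"audience": ["https://.../api/v2/"]}, and is unmarshaled into map[string][]string.` / `// By default, this value is "".` Since the later hunk shows NewOidcAuthSetter panicking when this string is not valid JSON, the comment should also say that a malformed value is fatal at startup — or, better, the JSON should be validated where the rest of the client config is checked, so the user gets a configuration error rather than a crash.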
@@ -88,11 +93,20 @@ type OidcAuthProvider struct {
 }
 func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
+	eps := make(map[string][]string)
+	if cfg.OidcAdditionalEndpointParams != "" {
+		err := json.Unmarshal([]byte(cfg.OidcAdditionalEndpointParams), &eps)
+		if err != nil {
+			panic(err)
+		}
+	}
+
 	tokenGenerator := &clientcredentials.Config{
-		ClientID: cfg.OidcClientID,
-		ClientSecret: cfg.OidcClientSecret,
-		Scopes: []string{cfg.OidcAudience},
-		TokenURL: cfg.OidcTokenEndpointURL,
+		ClientID: cfg.OidcClientID,
+		ClientSecret: cfg.OidcClientSecret,
+		Scopes: []string{cfg.OidcAudience},
+		TokenURL: cfg.OidcTokenEndpointURL,
+		EndpointParams: eps,
 	}
 	return &OidcAuthProvider{