diff --git a/oidc_cli/oidc_impl/client/client.go b/oidc_cli/oidc_impl/client/client.go
index 1d7e4688..41423f2d 100644
--- a/oidc_cli/oidc_impl/client/client.go
+++ b/oidc_cli/oidc_impl/client/client.go
@@ -18,10 +18,11 @@ import (
 
 // Client is an oauth client
 type Client struct {
- provider *oidc.Provider
- oauthConfig *oauth2.Config
- verifier *oidc.IDTokenVerifier
- server *server
+ provider *oidc.Provider
+ oauthConfig *oauth2.Config
+ verifier *oidc.IDTokenVerifier
+ server *server
+ DisableCache bool
 
 // Extra configuration options
 customMessages map[oidcStatus]string
@@ -53,9 +54,7 @@ func NewClient(ctx context.Context, config *Config, clientOptions ...Option) (*C
 Endpoint: provider.Endpoint(),
 Scopes: []string{
 oidc.ScopeOpenID,
- oidc.ScopeOfflineAccess,
 "email",
- "groups",
 },
 }
 
@@ -223,7 +222,7 @@ func (c *Client) Authenticate(ctx context.Context) (*Token, error) {
 }
 
 c.server.Start(ctx, c, oauthMaterial)
- fmt.Fprintf(os.Stderr, "Opening browser in order to authenticate with Okta, hold on a brief second...\n")
+ fmt.Fprintf(os.Stderr, "Opening browser in order to authenticate with your Identity Provider, hold on a brief second...\n")
 time.Sleep(2 * time.Second)
 
 // intercept these outputs, send them back on error
diff --git a/oidc_cli/oidc_impl/client/config_options.go b/oidc_cli/oidc_impl/client/config_options.go
index b0f89506..6ed31e3a 100644
--- a/oidc_cli/oidc_impl/client/config_options.go
+++ b/oidc_cli/oidc_impl/client/config_options.go
@@ -23,3 +23,9 @@ var SetOauth2AuthStyle = func(authStyle oauth2.AuthStyle) Option {
 c.oauthConfig.Endpoint.AuthStyle = authStyle
 }
 }
+
+var DisableTokenCache = func() Option {
+ return func(c *Client) {
+ c.DisableCache = true
+ }
+}
diff --git a/oidc_cli/oidc_impl/storage/file.go b/oidc_cli/oidc_impl/storage/file.go
index 49a2112a..69f0ada3 100644
--- a/oidc_cli/oidc_impl/storage/file.go
+++ b/oidc_cli/oidc_impl/storage/file.go
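Review bot: `DisableCache` is the only exported field on `Client` and carries no doc comment, so callers outside the package cannot tell from the type what it switches off. Add above it `// DisableCache bypasses the on-disk token cache: every token request runs the interactive browser login instead of reading a stored token.`, which matches how token_getter.go branches on it. The surrounding struct definition continues past the hunk.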
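Review bot: Dropping `oidc.ScopeOfflineAccess` from the default scope list means the authorization request no longer asks for a refresh token, which is the scope OIDC Core defines for that purpose; providers that honor it strictly will stop issuing one, and the cached path in token_getter.go that is still built with `c.RefreshToken` would then have nothing to refresh with, turning every expiry into a new browser login. Dropping `"groups"` likewise silently changes the claim set the ID token carries, which anything authorizing on group membership would notice. If the goal is provider-neutral defaults, keep `oidc.ScopeOfflineAccess` in the list and let callers add or remove scopes through an `Option`, rather than hard-coding the narrower set. The enclosing `NewClient` body starts and ends outside the hunk.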
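Review bot: `DisableTokenCache` is a new exported package-level name with no doc comment, unlike a reader would expect for an option constructor. Add `// DisableTokenCache returns an Option that makes the client skip the on-disk token cache and perform an interactive login on every token request.` above the `var` line. The constructor-as-`var` form itself is consistent with `SetOauth2AuthStyle` in the same file, so no change there.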
@@ -60,7 +60,7 @@ func (f *File) Set(ctx context.Context, value string) error {
 return errors.Wrapf(err, "could not create cache dir %s", f.dir)
 }
 
- err = ioutil.WriteFile(f.key, []byte(value), 0600)
+ err = os.WriteFile(f.key, []byte(value), 0600)
 
 return errors.Wrap(err, "could not set value to file")
 }
diff --git a/oidc_cli/oidc_impl/token_getter.go b/oidc_cli/oidc_impl/token_getter.go
index a6bda730..8f9839ec 100644
--- a/oidc_cli/oidc_impl/token_getter.go
+++ b/oidc_cli/oidc_impl/token_getter.go
@@ -39,19 +39,29 @@ func GetToken(ctx context.Context, clientID string, issuerURL string, clientOpti
 return nil, errors.Wrap(err, "Unable to create client")
 }
 
- storage, err := storage.GetOIDC(clientID, issuerURL)
- if err != nil {
- return nil, err
- }
+ var token *client.Token
 
- cache := cache.NewCache(storage, c.RefreshToken, fileLock)
+ if c.DisableCache {
+ token, err = c.Authenticate(ctx)
+ if err != nil {
+ return nil, errors.Wrap(err, "Unable to authenticate with OAuth client")
+ }
+ } else {
+ storage, err := storage.GetOIDC(clientID, issuerURL)
+ if err != nil {
+ return nil, err
+ }
 
- token, err := cache.Read(ctx)
- if err != nil {
- return nil, errors.Wrap(err, "Unable to extract token from client")
- }
- if token == nil {
- return nil, errors.New("nil token from OIDC-IDP")
+ cache := cache.NewCache(storage, c.RefreshToken, fileLock)
+
+ token, err := cache.Read(ctx)
+ if err != nil {
+ return nil, errors.Wrap(err, "Unable to extract token from client")
+ }
+ if token == nil {
+ return nil, errors.New("nil token from OIDC-IDP")
+ }
 }
+
 return token, nil
 }
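Review bot: `os.WriteFile` applies the `0600` mode only when it creates the file; a cache file that already exists keeps whatever mode it currently has, so the swap from `ioutil.WriteFile` preserves a gap the old call had too. Since this file is the token cache, follow a successful write with `return errors.Wrap(os.Chmod(f.key, 0600), "could not restrict cache file mode")` or tighten the mode before writing, so a previously over-permissive file is corrected rather than reused. The rest of `Set`, including the directory creation whose mode this depends on, is outside the hunk.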
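Review bot: In the `else` branch, `token, err := cache.Read(ctx)` declares a new block-scoped `token` that shadows the `var token *client.Token` introduced above the `if`, so on the default cache-enabled path the outer `token` stays nil and `return token, nil` hands the caller a nil token with a nil error, defeating the `if token == nil` check that sits right next to it. Change the line to `token, err = cache.Read(ctx)`; it still compiles because `storage, err :=` already declared a block-scoped `err`. The `if c.DisableCache` branch uses plain `=` and is correct. `go vet` with the shadow analyzer would flag this; `GetToken`'s signature is outside the hunk.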