diff --git a/backend/src/app/http/oauth.clj b/backend/src/app/http/oauth.clj
index 41a40ab18..bfd5d1621 100644
--- a/backend/src/app/http/oauth.clj
+++ b/backend/src/app/http/oauth.clj
@@ -109,6 +109,17 @@
 :cause e)
 nil)))
 
+(s/def ::backend ::us/not-empty-string)
+(s/def ::email ::us/not-empty-string)
+(s/def ::fullname ::us/not-empty-string)
+(s/def ::props (s/map-of ::us/keyword any?))
+
+(s/def ::info
+ (s/keys :req-un [::backend
+ ::email
+ ::fullname
+ ::props]))
+
 (defn retrieve-info
 [{:keys [tokens provider] :as cfg} request]
 (let [state (get-in request [:params :state])
@@ -116,7 +127,10 @@
 info (some->> (get-in request [:params :code])
 (retrieve-access-token cfg)
 (retrieve-user-info cfg))]
- (when-not info
+
+ (when-not (s/valid? ::info info)
+ (l/warn :hint "received incomplete profile info object (please set correct scopes)"
+ :info (pr-str info))
 (ex/raise :type :internal
 :code :unable-to-auth
 :hint "no user info"))
@@ -236,7 +250,7 @@
 :token-uri (cf/get :oidc-token-uri)
 :auth-uri (cf/get :oidc-auth-uri)
 :user-uri (cf/get :oidc-user-uri)
- :scopes (cf/get :oidc-scopes #{"openid" "profile"})
+ :scopes (cf/get :oidc-scopes #{"openid" "profile" "email"})
 :roles-attr (cf/get :oidc-roles-attr)
 :roles (cf/get :oidc-roles)
 :name "oidc"}]
diff --git a/docker/images/config.env b/docker/images/config.env
index ba5dabeaf..79f1472ee 100644
--- a/docker/images/config.env
+++ b/docker/images/config.env
@@ -42,7 +42,7 @@ PENPOT_REGISTRATION_ENABLED=true
 
 # Comma separated list of allowed domains to register. Empty for allow
 # all.
-PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
+# PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
 
 # Penpot comes with the facility to create quick demo users that are
 # automatically deleted after some time. This settings enables or
diff --git a/docker/images/files/nginx-entrypoint.sh b/docker/images/files/nginx-entrypoint.sh
index 51a118c5a..7543ab0e1 100644
--- a/docker/images/files/nginx-entrypoint.sh
+++ b/docker/images/files/nginx-entrypoint.sh
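Review bot: `::email` is specced only as `::us/not-empty-string` in the new `s/def` lines, so a provider that returns any non-blank string under that key (a display name, an opaque id) passes validation and is then used as the account's email. If the project's common spec namespace already has an email spec, `(s/def ::email ::us/email)` is the stricter choice; I believe it does, but confirm before switching. The `::info` spec would also benefit from a one-line comment stating that it is the minimum profile shape the backend accepts from any provider and that anything less is rejected in `retrieve-info`, so an operator who sees the new warning knows why scopes matter.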
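Review bot: The new `l/warn` serialises the whole profile object with `(pr-str info)`, which puts the user's email, full name and every provider-supplied `:props` value into the backend log at warn level; logs are typically retained longer and shipped to more places than the profile table, so this is an avoidable PII leak. What the operator needs to fix their scopes is which keys arrived, not their values, so replace the `:info` line with `:present-keys (pr-str (keys info))` or a computed list of the missing required keys. Note that `s/valid?` with `s/keys` rejects a `nil` value, so the previous `(when-not info …)` behaviour is preserved for a missing profile; `retrieve-info` continues beyond this hunk.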
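Review bot: The wider default scope set only applies when `:oidc-scopes` is unset; a deployment that configured the option explicitly with the old `openid profile` pair now fails the new `::info` check with "no user info" instead of logging in, so this change needs an upgrade note telling operators to add `email` to their configured scopes. Separately, requiring the provider's email and then using it to match a local profile is only safe when the provider's `email_verified` claim is honoured, otherwise an address the identity provider never confirmed can be bound to an existing account; whether that check exists is not visible here (`retrieve-user-info` is outside this hunk), so it is worth confirming.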
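Review bot: With `PENPOT_REGISTRATION_DOMAIN_WHITELIST` commented out, the comment above it ("Empty for allow all") no longer describes what the template shows, and the reader is left to guess whether an unset variable behaves like the old empty string. Since this is the setting that decides whether any domain may self-register when `PENPOT_REGISTRATION_ENABLED=true`, the comment should state the unset case explicitly, e.g. `# Leave unset (or empty) to allow registration from any domain.`, presumably that is the intended semantics but confirm against the backend's config defaults.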
@@ -97,7 +97,7 @@ update_registration_enabled() {
 fi
 }
 
-update_registration_enabled() {
+update_analytics_enabled() {
 if [ -n "$PENPOT_ANALYTICS_ENABLED" ]; then
 sed -i \
 -e "s|^//var penpotAnalyticsEnabled = .*;|var penpotAnalyticsEnabled = $PENPOT_ANALYTICS_ENABLED;|g" \
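Review bot: The `sed` expression only rewrites the line while it still reads `//var penpotAnalyticsEnabled = …;`, so once the file has been rewritten a later change to `PENPOT_ANALYTICS_ENABLED` is silently ignored on restart unless the image restores the pristine file first, which is not visible here. The variable is also spliced verbatim into a JavaScript file that the frontend serves, so any value other than `true` or `false` corrupts the bundle; a guard before the `sed`, `case "$PENPOT_ANALYTICS_ENABLED" in true|false) ;; *) echo "invalid PENPOT_ANALYTICS_ENABLED" >&2; return 1;; esac`, turns a misconfiguration into a clear startup error. The body of the old `update_registration_enabled` ends above this hunk and the `sed` invocation continues past the hunk's last line.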