diff --git a/idtoken/validate.go b/idtoken/validate.go
index 83efb3318f9..e2b84f0b67a 100644
--- a/idtoken/validate.go
+++ b/idtoken/validate.go
@@ -19,6 +19,7 @@ import (
 	"strings"
 	"time"
 
+	"google.golang.org/api/option/internaloption"
 	htransport "google.golang.org/api/transport/http"
 )
 
@@ -34,6 +35,10 @@ var (
 	now = time.Now
 )
 
+func defaultValidatorOpts() []ClientOption {
+	return []ClientOption{internaloption.WithDefaultScopes("https://www.googleapis.com/auth/cloud-platform")}
+}
+
 // Payload represents a decoded payload of an ID Token.
 type Payload struct {
 	Issuer   string                 `json:"iss"`
@@ -88,6 +93,7 @@ type Validator struct {
 // NewValidator creates a Validator that uses the options provided to configure
 // a the internal http.Client that will be used to make requests to fetch JWKs.
 func NewValidator(ctx context.Context, opts ...ClientOption) (*Validator, error) {
+	opts = append(defaultValidatorOpts(), opts...)
 	client, _, err := htransport.NewClient(ctx, opts...)
 	if err != nil {
 		return nil, err