Google social login contacts permissions

In the social connections > Google > permissions setup in auth0, there is an option to request permissions to a user’s google contacts. That permission setting seems to resolve to the google scope https://www.googleapis.com/auth/contacts.

That scope requests full contact management permission. In reviewing my permission requests, Google has suggested I use the READ-ONLY contacts scope:
https://www.googleapis.com/auth/contacts.readonly

I agree, and only want to request read-only contacts permissions of my users, but I don’t see a way to do that in auth0.

Is there any way to request read-only contact permissions instead of full management permissions?

You should be able to accomplish that by not selecting the scope in question through the dashboard and then request the scope you actually need through a parameter. In particular, according to this documentation you can use the connection_scope parameter to include the read-only scope that you want to be requested from Google.