The scopes will vary depending on the configuration of the connection. Google Apps connections created from the Dashboard are created based on the previous configuration template you created (the screen where you provide your Google application client identifier and secret.
If you selected more than what’s required then you’ll be asking for more scopes. For example, if you enabled the Enable Users API toggle then your application will be asking for the https://www.googleapis.com/auth/admin.directory.user.readonly scope; if you also enabled the Groups then it will also request https://www.googleapis.com/auth/admin.directory.group.readonly.
If your application does not need to perform calls associates with those scopes then the simplest approach would be to not enable them; this would probably mean that you would not even need to go through the verification process for now as the minimum requires scopes seem to been granted.
Have in mind that the way the configuration is done the changes will affect all Google Apps connections.