How can I ensure that a client cannot ask for the ID Token? How can I revoke its access to the openid scope?

Hi there :wave:

I want to restrict the access to a client to authorize users, not to authenticate them.
In other words, I want to allow the client to ask for an access token (including offline access) but not give it the option to ask for the ID token.

My educated guess is that I should revoke access to the scope openid, but I do not know if this is possible or if Iā€™m taking the wrong direction.

I would appreciate any advice!
Thank you all :hugs: