diff --git a/konnect/commander.yaml b/konnect/commander.yaml
index 198e911..261019d 100644
--- a/konnect/commander.yaml
+++ b/konnect/commander.yaml
@@ -25,6 +25,11 @@ tests:
     config:
       env:
         external_oidc_provider: yes
+  identifier scopes:
+    command: /commander/test-helper.sh && wrapper.sh && yq . $identifier_scopes_conf
+    stdout:
+      contains:
+        - '"description": "Access Kopano Meet"'
 config:
   env:
     PATH: ${PATH}
diff --git a/konnect/wrapper.sh b/konnect/wrapper.sh
index a74dd62..a995d83 100755
--- a/konnect/wrapper.sh
+++ b/konnect/wrapper.sh
@@ -32,14 +32,14 @@ if [ "${allow_client_guests:-}" = "yes" ]; then
 	#yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON
 	yq -y ".clients += [{\"id\": \"kpop-https://$FQDN/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://$FQDN/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON | sponge $CONFIG_JSON
 	# TODO this last bit can likely go (but then we must default to a registry stored below /etc/kopano)
-	yq -y . $CONFIG_JSON | sponge "${identifier_scopes_conf:?}"
+	yq -y . $CONFIG_JSON | sponge "${identifier_registration_conf:?}"
 fi
 
 if [ "${external_oidc_provider:-}" = "yes" ]; then
 	echo "Patching identifier registration for external OIDC provider"
 	CONFIG_JSON=/etc/kopano/konnectd-identifier-registration.yaml
 	echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: kopano-meet, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email]}]" >> $CONFIG_JSON
-	yq -y . $CONFIG_JSON | sponge "${identifier_scopes_conf:?}"
+	yq -y . $CONFIG_JSON | sponge "${identifier_registration_conf:?}"
 fi
 
 # source additional configuration from Konnect cfg (potentially overwrites env vars)