diff --git a/server/index.ts b/server/index.ts
index b58f663..f9043b5 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -42,7 +42,13 @@ let authToken: AuthorizationToken;
 
 // auth flow: response with URL to redirect to Medicare.gov beneficiary login
 app.get("/api/authorize/authurl", (req: Request, res: Response) => {
-  res.send(bb.generateAuthorizeUrl(authData));
+  // for SMART App v2 scopes usage: explicitly
+  // provide query parameter scope=<v2 scopes>
+  // where <v2 scopes> is space delimited v2 scope specs (url encoded)
+  // e.g. patient/ExplanationOfBenefit.rs
+  const redirectUrl = bb.generateAuthorizeUrl(authData) +
+   "&scope=patient%2FExplanationOfBenefit.rs"
+  res.send(redirectUrl);
 });
 
 // auth flow: oauth2 call back
diff --git a/server/package.json b/server/package.json
index 46b1d89..7d7f7a6 100644
--- a/server/package.json
+++ b/server/package.json
@@ -45,7 +45,7 @@
     ],
     "dependencies": {
         "@types/express": "^4.17.14",
-        "cms-bluebutton-sdk": "^1.0.2",
+        "cms-bluebutton-sdk": "^1.0.4",
         "express": "^4.18.2",
         "ts-node": "^10.9.1",
         "typescript": "^4.9.3"