diff --git a/internal/cli/test.go b/internal/cli/test.go
index b17f9d40a..1c0b42976 100644
--- a/internal/cli/test.go
+++ b/internal/cli/test.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/AlecAivazis/survey/v2"
 	"github.com/auth0/go-auth0/management"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
@@ -207,6 +208,10 @@ func testTokenCmd(cli *cli) *cobra.Command {
 			cli.renderer.Newline()
 
 			if client.GetAppType() == appTypeNonInteractive {
+				if len(inputs.Scopes) != 0 {
+					cli.renderer.Warnf("Passed in scopes do not apply to Machine to Machine applications.\n")
+				}
+
 				tokenResponse, err := runClientCredentialsFlow(cmd.Context(), cli, client, inputs.Audience, cli.tenant)
 				if err != nil {
 					return fmt.Errorf(
@@ -221,6 +226,12 @@ func testTokenCmd(cli *cli) *cobra.Command {
 				return nil
 			}
 
+			if len(inputs.Scopes) == 0 {
+				if err := cli.pickTokenScopes(cmd.Context(), &inputs); err != nil {
+					return err
+				}
+			}
+
 			if proceed := runLoginFlowPreflightChecks(cli, client); !proceed {
 				return nil
 			}
@@ -408,6 +419,25 @@ func (c *cli) audiencePickerOptions(client *management.Client) func(ctx context.
 	}
 }
 
+func (c *cli) pickTokenScopes(ctx context.Context, inputs *testCmdInputs) error {
+	resourceServer, err := c.api.ResourceServer.Read(ctx, inputs.Audience)
+	if err != nil {
+		return err
+	}
+
+	var scopes []string
+	for _, scope := range resourceServer.GetScopes() {
+		scopes = append(scopes, scope.GetValue())
+	}
+
+	scopesPrompt := &survey.MultiSelect{
+		Message: "Scopes",
+		Options: scopes,
+	}
+
+	return survey.AskOne(scopesPrompt, &inputs.Scopes)
+}
+
 func checkClientIsAuthorizedForAPI(ctx context.Context, cli *cli, client *management.Client, audience string) error {
 	var list *management.ClientGrantList
 	if err := ansi.Waiting(func() (err error) {