There's a functional difference between scopes and claims within the OAuth2/OpenID Connect (OIDC) framework:
Scopes grant the client permissions to request access to specific categories of user information.
Claims are the actual pieces of information returned after successful authentication and authorization, determined by the allowed scopes. (More info)
Certain sensitive data fields, such as SSN, fall into the category of Restricted Claims. Restricted claims cannot be retrieved just by including them in your authentication request.
To access these restricted claims:
The Financial Institution (FI) must explicitly enable and authorize these claims in their backend configuration.
This authorization is done by the FI's back-office administrators and involves configuring which specific claims your external application/plugin can access.
Given your situation, your client (who distributes this plugin to the Financial Institutions) must work directly with each FI to make sure these restricted claims are enabled appropriately.
Without explicit FI authorization, the sensitive claims (DOB and SSN) will not be returned, regardless of correct OIDC implementation.