Thank you for posting this in Microsoft Q&A.
Yes, you are correct that User.Read is only required when your application wants to fetch the user profile from Microsoft Graph API. When you create app registration by default User.Read permissions will be added. However, when you request the openid scope, Microsoft Entra id automatically includes the User.Read permission as an implied permission. This is because the openid scope is used for authentication, and Entra needs to read the user's profile to authenticate them, and consent was requested for both OpenID and User.Read.
When you requested the openid scope along with your custom scope my-test-app/my-scope, Entra ID did not request consent for openid because the admin consent had already been granted. This is known as "incremental consent," where Entra ID only requests consent for the new permissions that are being requested, rather than re-requesting consent for all permissions. While using OpenID scope in the request you will get ID token along with access token.
In summary, the behavior you are observing is expected and is due to the way that Microsoft Entra id handles consent and scopes.
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.