As scopes are often used for permissions in the applications themselves it
would be useful to have a mechanism to grant a user access to a scope.
For example if you have the scopes "photos:view" and "photos:edit"
you
would like only users that are permitted to use the photos application to
be able to get those scopes in the token.
One simple way of doing this would be to have a optional required role
associated with a client scope. Then we can simply apply the client scopes
for which the user has the required role.