Using scopes as roles in Spring Security OAuth2 (provider)

Question

Let\'s consider a fairly simple hypothetical application where users can read or write posts.

Some users can read and write articles while some others can only read

Answer 1

You can configure your own AccessTokenConverter (mainly for JWT) and extract the claims you want from the JWT access token and generate an Authority object. Just define a Bean factory that return an AccessTokenConverter