OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token. For example, an access token issued to a client app may be granted READ and WRITE access to protected resources, or just READ access. You can implement your APIs to enforce any scope or combination of scopes you wish.
https://docs.spring.io/spring-security/site/docs/5.2.12.RELEASE/reference/html/oauth2.html