Spring oauth2 scope vs authorities(roles)
I noticed a client has both scope and authorities The client only has scope, but we can consider/use it as an authority(roles). This is because OAuth2 spec doesn’t explain specific usage of scope. Consider this, a user authorizes Twitter to post a user’s tweet to Facebook. In this case, Twitter will have a scope write_facebook_status. … Read more