Majority of the implementation comes from the documentation. For details on how to restrict granted scopes based on the user authorities search for "Mapping User Roles to Scopes" here.