There's currently very limited support for scope query parameter. This is limited to a few hard coded scopes (i.e. offline_access) and the ability to map a single role to a scope. We should add the option to define custom scopes which can decide what protocol mappers and roles are included in the token. There should also be built-in support for default scopes defined by OpenID Connect.