Deliver a “OIDC Scope Check Policy” based on the Hitachi implementation.

If we can get use case requirements to make this generic beyond Keycloak (change attribute name, and handle different lists of scopes/roles) then we should do so, but not a must.

This policy would be used together with the conditional policy to implement lightweight OIDC scope authorization.