For this guide let's create two scopes: read and write. Applications authorized with the read scope will be able to read public data from our API. The write scope will let applications change data in our API.
Go to doorkeeper's initializer and add:
The last line with enforce_configured_scopes ensures applications to be able to ask only for configured scopes defined in default_scopes and optional_scopes.