Using OpenID Connect scopes

I was asked if an application (SimPlan SimController) can authenticate against Advanced Authentication. The application, among others, has these requirements:

  • Roles:  
    • “admin” – Admin rights on the SimController Web
    • “user” – Basic user rights on the SimController Web
    • This should be included in the “roles” Claim in the access token, e.g.: roles: [“user”]
  • Scopes:
    • “simcontroller_access” Scope which will be requested by the frontend and must then be included in the scopes (“scp”) claim of the access token.

I'm at a loss; is this something you can do with Advanced Authentication? I haven't found anything about claims and scopes in the documentation.

Does anyone have any tips or ideas?

Thanks