!!! Overview 
[{$pagename}] process [MUST] be performed on all [OAuth Scope] requests.

[OAuth Scopes] values that are used to request [Claims] and there is no guarantee that the [Claims] requested will be returned. The [Authorization Server] [MAY] deny some of the requested [OAuth Scopes] based on [Authorization Policy] or an the [Resource Owner] ([End-User]) [MAY] be given the option to have the [OpenID Connect Provider] decline to provide some or all information requested by  a [Relying Party]. To minimize the amount of information that the [Resource Owner] is being asked to disclose, an [Relying Party] can elect to only request a subset of the information available.

The [OAuth Client]/[Relying Party] [MUST] validate the [OAuth Scopes] returned in the [Access Token] contains the necessary [OAuth Scopes] and the if the [UserInfo Request] [claims] match the [UserInfo Response] claims.

If the [OAuth Client]/[Relying Party] [MUST] have some scope NOT provided, the they should abort the process and provide an appropriate error.

For [example], the user may have chosen to authenticate only, but not to provide access to the other [OAuth Scopes] or the [Authorization Server] [MAY] have denied access due to the [Authorization Policy] !! More Information 
There might be more information for this subject on one of the following: 
[{ReferringPagesPlugin before='*' after='\n' }]