On the Scope Constraints tab, you can configure which scopes or scope groups that developers can request when registering clients using dynamic client registration.
All clients created through dynamic client registration share this configuration. If a certain client requires a different set of common scopes, exclusive scopes, or both, modify the client configuration using the administrative console, the administrative API, or the OAuth Client Management Service after the client has been created. Scopes can also be overridden by client registration policies enforced during dynamic client registration.
Restricting common scopes and allowing exclusive scopes are not mutually exclusive. You can configure both options based on your use cases.
If you configure both options, developers must send client registrations with the desired common and exclusive scopes.
Depending on the configured dynamic scope patterns and whether they are defined as common or exclusive dynamic scopes, this configuration can impact the results of scope evaluation. The default scope is always available to all clients. For more information, see the Dynamic scope evaluation and per-client scope management section in Scopes and scope management.