the sample oauth client spec includes scopes such as read, write. What if I want to have a scope named 'customer' - is this possible? I tried it once but I got errors at startup. Is there some extra implementation required here?
Once we get the scope defined, I understand that I can use a role like SCOPE_CUSTOMER for example in the <http> tag for limiting the access, right? I guess I can use the same with the annotations on individual controller methods then.