Scopes are data you can request when you go through authentication / authorization. Some scopes are defined by the underlying standards, others are custom that you create. Anything you add to a token via a Rule should be available to you no matter which scopes you request.
This is the basic model you need to set up: