Scope "design" and API responsibility - confirming my understanding

Hi @mplgn

Welcome to the Auth0 community!

As far as I can see in the snippets you have posted regarding the matter, it appears that the scopes you have defined seem to be pretty clear, specifying if they are allowed to manage a widget they own or a shared one. Also, you seem to be checking the scopes of the user and what kind of widget they are trying to manage (their own or others). If the widget owner and scopes are assigned correctly, then it appears that everything seems to be set up correctly as far as it goes.

If you have any other questions, feel free to leave a reply!

Kind Regards,
Nik

1 Like