Hi,
In essence, permissions determine what actions a user is allowed to perform on a specific resource. On the other hand, scopes are typically requested by applications to act as a proxy for the user. You could theoratically incorporate permissions into access token using Role-Based Access Control (RBAC).
I would highly suggest you also check out Auth0’s blog for Permissions, Privileges, and Scopes