diff --git a/src/idpyoidc/server/authz/__init__.py b/src/idpyoidc/server/authz/__init__.py
index f90094f6..8fdcb268 100755
--- a/src/idpyoidc/server/authz/__init__.py
+++ b/src/idpyoidc/server/authz/__init__.py
@@ -88,9 +88,7 @@ def __call__(
         if not scopes:
             scopes = request.get("scope", [])
         else:
-            _allowed = _context.cdb[_client_id].get('allowed_scopes', [])
-            if _allowed:
-                scopes = list(set(scopes).intersection(set(_allowed)))
+            scopes = _context.scopes_handler.filter_scopes(scopes, client_id=_client_id)
         grant.scope = scopes
 
         # After this is where user consent should be handled
diff --git a/src/idpyoidc/server/claims/oauth2.py b/src/idpyoidc/server/claims/oauth2.py
index 6b322baa..f0137543 100644
--- a/src/idpyoidc/server/claims/oauth2.py
+++ b/src/idpyoidc/server/claims/oauth2.py
@@ -19,6 +19,7 @@ class Claims(claims.Claims):
 
     _supports = {
         "deny_unknown_scopes": False,
+        "scopes_handler": None,
         "response_types_supported": ["code"],
         "response_modes_supported": ["code"],
         "jwks_uri": None,
diff --git a/src/idpyoidc/server/claims/oidc.py b/src/idpyoidc/server/claims/oidc.py
index 70e68768..f2b57506 100644
--- a/src/idpyoidc/server/claims/oidc.py
+++ b/src/idpyoidc/server/claims/oidc.py
@@ -43,6 +43,7 @@ class Claims(server_claims.Claims):
         "contacts": None,
         "default_max_age": 86400,
         "deny_unknown_scopes": False,
+        "scopes_handler": None,
         "display_values_supported": None,
         "encrypt_id_token_supported": None,
         # "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
diff --git a/src/idpyoidc/server/configure.py b/src/idpyoidc/server/configure.py
index 8dd8f215..3ba7449d 100755
--- a/src/idpyoidc/server/configure.py
+++ b/src/idpyoidc/server/configure.py
@@ -156,6 +156,7 @@ class EntityConfiguration(Base):
         "template_dir": None,
         "token_handler_args": {},
         "userinfo": None,
+        "scopes_handler": None
     }
 
     def __init__(
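Review bot: The new `filter_scopes` call in the `@@ -88,9 +88,7 @@` hunk of `authz/__init__.py` runs only on the `else` branch, so scopes taken straight from the request (`scopes = request.get("scope", [])`) are still written to `grant.scope` without going through the client's allowed-scope filter; the old `allowed_scopes` intersection had the same asymmetry, but now that filtering is centralised in one handler it seems the natural place to close it. Unless the `if not scopes` path is already filtered by the caller (not visible here), consider dedenting the call so both paths are covered: `if not scopes:` / `    scopes = request.get("scope", [])` / `scopes = _context.scopes_handler.filter_scopes(scopes, client_id=_client_id)`. The new line also assumes `_context.scopes_handler` is never `None`, while `EntityConfiguration` and both `Claims._supports` tables in this commit default `"scopes_handler"` to `None`; if a deployment config omits the handler this raises `AttributeError` where the old code silently skipped filtering, so either guard the attribute or document that the default in `configure.py` is what makes it safe. `idpyoidc.server.scopes.Scopes` and its `filter_scopes` signature are not part of this diff, and `__call__` begins and ends outside the hunk.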
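Review bot: In the `@@ -156,6 +156,7 @@` hunk of `configure.py` the added entry `"scopes_handler": None` has no trailing comma and is appended after `"userinfo"`, whereas the neighbouring keys (`template_dir`, `token_handler_args`, `userinfo`) keep a trailing comma and appear to be in alphabetical order; the next addition to this dict will have to touch this line again. Suggest `"scopes_handler": None,` placed before `"template_dir": None,` to match the surrounding style.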
@@ -348,6 +349,9 @@ def __init__(
                     "refresh_token",
                 ],
             },
+            "scopes_handler": {
+                "class": "idpyoidc.server.scopes.Scopes"
+            },
             "claims_interface": {"class": "idpyoidc.server.session.claims.ClaimsInterface", "kwargs": {}},
             "cookie_handler": {
                 "class": "idpyoidc.server.cookie_handler.CookieHandler",