It is the responsibility of a Resource Server to extract information about the user and client application from the access token and make an access decision based on that information.
This guide will help authors of resource Servers and maintainers of client and user account data to understand the range of information available and the kinds of decisions that can be taken.