Does API Gateway enforce Oauth2 scopes as shown here?
Yes. Go thru below documentation.
https://docs.apigee.com/api-platform/security/oauth/working-scopes
This answer refers to Apigee documentation. I think the question is pertaining to Google API Gateway, not Apigee. They're two different things.
I don't know for certain. I don't see anything here in the documentation that discusses scopes on the inbound JWT.