Per the Apigee docs, the OAuthV2 policy's VerifyAccessToken operation
requires you to "hard code" the Scope(s) you want to validate."If this
element appears in a "VerifyAccessToken" policy, then it is used to
specify which scopes the policy should en...