

Question About OAuth2 and Microservices

I’m designing an e-Commerce application using a Microservice Architecture (this is my first time building a Microservice based application). After some research, I discovered that OAuth is the ideal way of securing microservices.

I found this package that I can use to implement an OAuth Auth server: https://github.com/dusterio/lumen-passport

The thing I’m wondering now has to do with scopes. As shown in this great lecture describing how OAuth2 works: https://youtu.be/996OiexHze0

The Auth Server has a list of pre-defined scopes a client can choose from. Each Microservice then checks the access token they receive with the request to see if they have the right scope (permissions) to perform tasks with the resource.

So, my question is what is the best way for the distinctive microservices to verify scopes?

Do I have to query the Auth server? Do I just have a list of scopes supported by each Microservice as an array of constants? Or what?

Like, suppose I have an Accounts Microservice (which has the OAuth Auth server) and an Orders Microservice. And the client application has gone through the code flow and is now requesting to the Order service that an order be placed.

How does the Order service verify that the client has the right scope?

Thanks for the help.

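The question above comes down to where the scope check happens. A resource server such as the Orders service does not have to call the Auth server on every request when the access token is a signed JWT: it verifies the signature with the Auth server's public key, checks expiry, and compares the token's `scopes` claim against the scopes the endpoint requires (the list of constants lives in the Orders service; the Auth server only decides which of them a client was granted). Querying the Auth server (token introspection) is what you fall back to when tokens are opaque or you need immediate revocation. The example below is added here and is not from the post or from the lumen-passport project. It assumes Passport-style JWTs with a `scopes` array claim, and for self-containment it signs with HS256 and a constructed shared key; Passport issues RS256 tokens, so a real resource server would verify with the Auth server's public key and never hold a signing secret.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. Assumption for self-containment: HS256 (shared secret).
# Passport issues RS256-signed JWTs, so a real resource server would verify
# with the auth server's public key instead, and never hold a signing secret.
DEMO_KEY = b"constructed-demo-signing-key"


class TokenError(Exception):
    """Raised when a token fails structural, signature or expiry checks."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, scopes: list, key: bytes, now: int, ttl: int = 3600) -> str:
    """Stand-in for the Auth server: mints a JWT carrying a 'scopes' claim."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(
        {"sub": sub, "scopes": scopes, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token: str, key: bytes, now: int) -> dict:
    """Resource-server side: check shape, algorithm, signature and expiry locally."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        raise TokenError("undecodable segment")
    # Pin the algorithm; never let the token choose (rejects alg "none" and confusion).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        raise TokenError("undecodable segment")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("token expired")
    return claims


def has_scopes(claims: dict, required: list) -> bool:
    """Every scope the endpoint requires must appear in the token's 'scopes' claim."""
    return set(required) <= set(claims.get("scopes", []))


def authorize(token: str, required: list, key: bytes, now: int) -> tuple:
    """The decision an Orders-service middleware would make for one request."""
    try:
        claims = verify_token(token, key, now)
    except TokenError as exc:
        return False, f"401 invalid_token: {exc}"
    if not has_scopes(claims, required):
        return False, "403 insufficient_scope"
    return True, f"200 ok sub={claims['sub']}"


if __name__ == "__main__":
    t = int(time.time())
    tok = issue_token("client-1", ["orders:create"], DEMO_KEY, now=t)
    print(authorize(tok, ["orders:create"], DEMO_KEY, now=t + 60))   # granted
    print(authorize(tok, ["orders:read"], DEMO_KEY, now=t + 60))     # 403, scope missing
```

The split between `verify_token` (is this token genuine and live?) and `has_scopes` (is it allowed to do this?) mirrors the two HTTP outcomes: a bad or expired token is a 401 `invalid_token`, a valid token without the needed scope is a 403 `insufficient_scope`. The required-scope list per route is the "array of constants" in each service; nothing about it needs to round-trip to the Accounts service.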