This is my working scenario: i have created and successfully published an App on the Google Apps Marketplace / Chrome Web Store. Let's say some users did install this App on their own domains and are using my App. When they installed this App on their domains they granted data access to the scopes I declared for my App, for example scopes A and B.
Now let's say we went on improving our App adding a new feature and we released it. This new feature requires us to add a scope C to the App configuration. So let's add scope C and save the new configuration.
For those users who have already installed the App, scope C is "new" and needs to be granted access, while A and B are already granted.
Now we need to find a way to notify users about the need to grant access to the newly added scope before going on using the App (otherwise end users may incur in some issues).
The question is: is there a way to programmatically detect for a specific domain installation of our App which scopes have already been granted access and which ones not?
Assuming you have an access token you can use oauth2.tokeninfo() to determine which scopes a given token is good for.