*I have simple question related to oauth token ,so my requirement is that user can have multiple scopes say A and B and he has generated token for it but later on he needs scope A and B both and his previous token is valid, So in that case
If you want to update the scope of the existing token and if your authorization server provides a mechanism for it, just do it. As a matter of fact, a certain authorization server implementation provides Web APIs to update scopes of existing access tokens (/auth/token/update
API, /auth/client/authorization/update
API).
Whether access tokens are modifiable or not depends on each authorization server implementation. For example, if the type of access token implementation is "self-contained" (e.g. like JWT), access tokens are not modifiable. On the other hand, if the type is "random string" (in this case, actual data are stored in the DB behind the authorization server), access tokens may be modifiable. See "7.1. Access Token Representation" in "Full-Scratch Implementor of OAuth and OpenID Connect Talks About Findings" for details.
Some authorization server implementations issue multiple access tokens for one combination of a user and a client application, and other implementations issue only one access token for the combination. A certain authorization server implementation provides a configuration flag to enable you to select either of the behaviors like below. See also this answer.
Which approach you should take depends on your use case. Look for an authorization server implementation which suits your use case best.