OAuth scopes, introduced in release 1.7.0, provide fine-grained access control to API resources based on user roles. You can define scopes per API and associate the defined scopes with API resources. An OAuth 2.0 bearer token is obtained for a set of requested scopes, and that token is not allowed to access any API resource beyond its associated scopes. Refer to OAuth Scopes for more information.
API Manager uses scopes as a way of defining permissions for a resource. If a resource is assigned a scope, then a token accessing that resource must have been generated with that scope. By associating a scope with a role, we can control which users are permitted to obtain tokens under a given scope. In that sense, associating a role with a scope is legitimate.
Validating the role of the requester does not make much sense in some scenarios, for example where a scope is used only as a way of obtaining an access token. A scope is not always used as a means of securing a resource; the openid scope is one example.
For such situations to work correctly, scope validation can be extended to skip role validation for certain scopes.
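The following added example models the two checks described above: the role check applied when a token is issued, with an exemption list for scopes such as openid, and the resource check applied when the token is used. It is an illustrative Python model written for this page, not API Manager's own code; the API, scopes, roles and exemption patterns are constructed sample data, and dropping unentitled scopes instead of rejecting the whole request is an assumption of the model.

```python
import re

# Constructed sample data (assumptions, not API Manager configuration).
# Scope required by each (HTTP verb, resource) of a hypothetical Orders API.
RESOURCE_SCOPES = {
    ("GET", "/orders"): "read_orders",
    ("DELETE", "/orders"): "admin_orders",
    ("GET", "/status"): None,          # unprotected resource: any valid token
}

# Roles permitted to obtain each scope (scope-to-role binding).
SCOPE_ROLES = {
    "read_orders": {"subscriber", "admin"},
    "admin_orders": {"admin"},
}

# Scopes that carry no resource permission and therefore skip the role check.
# A regex lets a whole family of scopes (e.g. device_*) be exempted as well.
ROLE_CHECK_EXEMPT = [re.compile(r"^openid$"), re.compile(r"^device_.*$")]


def skips_role_validation(scope: str) -> bool:
    """True if the scope is on the exemption list and needs no role check."""
    return any(p.match(scope) for p in ROLE_CHECK_EXEMPT)


def issue_scopes(user_roles, requested_scopes):
    """Return the scopes a token may be issued with (token-issuance check).

    A requested scope is granted when it is exempt from role validation, or
    when the user holds at least one role bound to it. Scopes the user is not
    entitled to are silently dropped rather than failing the whole request
    (an assumption of this model).
    """
    granted = set()
    for scope in requested_scopes:
        if skips_role_validation(scope):
            granted.add(scope)
        elif SCOPE_ROLES.get(scope, set()) & set(user_roles):
            granted.add(scope)
    return granted


def is_authorized(token_scopes, verb, resource):
    """Resource-level check: the token must carry the scope bound to the resource."""
    if (verb, resource) not in RESOURCE_SCOPES:
        return False                         # unknown resource: deny
    required = RESOURCE_SCOPES[(verb, resource)]
    return required is None or required in token_scopes
```

Note that an exempted scope such as openid is granted without a role check but still unlocks no protected resource, because the resource check only accepts the scope bound to that resource.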
Skipping Role Validation for Scopes