diff --git a/example/api/auth.js b/example/api/auth.js index a836ccba5..53f9e0778 100644 --- a/example/api/auth.js +++ b/example/api/auth.js @@ -32,7 +32,11 @@ app.post('/login', (req, res, next) => { } const accessToken = jsonwebtoken.sign( - { username, rand: Math.random() * 1000 }, + { + username, + rand: Math.random() * 1000, + scope: ['test', 'user'] + }, 'dummy' ) diff --git a/example/pages/secure.vue b/example/pages/secure.vue index c8b5ed088..ae9535b73 100644 --- a/example/pages/secure.vue +++ b/example/pages/secure.vue @@ -8,6 +8,11 @@ + + User: {{ $auth.hasScope('user') }} + Test: {{ $auth.hasScope('test') }} + Admin: {{ $auth.hasScope('admin') }} + {{ $auth.token || '-' }} diff --git a/lib/defaults.js b/lib/defaults.js index f6d13e8f3..94c842c73 100644 --- a/lib/defaults.js +++ b/lib/defaults.js @@ -3,6 +3,7 @@ module.exports = { resetOnError: true, rewriteRedirects: true, namespace: 'auth', + scopeKey: 'scope', endpoints: { login: { url: '/api/auth/login', method: 'post', propertyName: 'token' }, logout: { url: '/api/auth/logout', method: 'post' }, diff --git a/lib/templates/auth.class.js b/lib/templates/auth.class.js index 595f044d7..84a6ec1d1 100644 --- a/lib/templates/auth.class.js +++ b/lib/templates/auth.class.js @@ -306,4 +306,18 @@ export default class Auth { this.ctx.redirect(to) } + + hasScope (scope) { + const userScopes = getProp(this.state.user, this.options.scopeKey) + + if (!userScopes) { + return + } + + if (Array.isArray(userScopes)) { + return userScopes.includes(scope) + } + + return Boolean(getProp(userScopes, scope)) + } }
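Review bot: In `example/api/auth.js` the new payload gives every login the fixed claim `scope: ['test', 'user']` regardless of `username`, and the token is still signed with the literal key `'dummy'` (context line), so code copied from this example would issue identical privileges to all users under a guessable key. A comment above the payload would make the demo-only status explicit, e.g. `// Demo only: fixed scopes and a placeholder signing key; derive scopes per user and load the key from configuration.` The `/login` handler starts and ends outside the hunk, so any per-user logic elsewhere in it is not visible here.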
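Review bot: In `hasScope` (`lib/templates/auth.class.js`) the empty-scopes guard returns `undefined` while the other paths return booleans, and the object-map fallback `Boolean(getProp(userScopes, scope))` may report true for inherited keys such as `constructor` if `getProp` does a plain property lookup (its implementation is outside this hunk). I would make the guard `return false` and, if nested paths are not needed, check own properties in the fallback: `return Object.prototype.hasOwnProperty.call(userScopes, scope) && Boolean(userScopes[scope])`. A space-delimited scope string, which some token issuers emit, also reaches that fallback instead of being split, so it should be handled or documented as unsupported. Because the method reads `this.state.user` on the client, it also deserves a doc comment such as `// UI hint only: the API must enforce scopes itself; client state is not a trust boundary.`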