Scopes based on user role

I am building an app that will allow users access to do different things based on their role, ( admin vs user), The app consumes a jwt token , my plan was to use scopes, but I can’t figure out the steps to get Keycloak to generate the correct “scopes” based on the users role. Can anyone point me in the right direction here?

I see that I can also use the application -> roles section of the jwt directly, but my understanding is that is a Keycloak specific element and not something I may see if I switch IDPs.