diff --git a/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs b/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
index 60b0765d..bbd62009 100644
--- a/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
+++ b/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
@@ -190,6 +190,35 @@ namespace OpenIddict.Core
             return Store.FindAsync(subject, client, cancellationToken);
         }
 
+        /// <summary>
+        /// Retrieves the authorizations corresponding to the specified subject, associated with
+        /// the application identifier and for which the specified scopes have been granted.
+        /// </summary>
+        /// <param name="subject">The subject associated with the authorization.</param>
+        /// <param name="client">The client associated with the authorization.</param>
+        /// <param name="scopes">The minimal scopes associated with the authorization.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result
+        /// returns the authorizations corresponding to the specified subject/client/scopes.
+        /// </returns>
+        public virtual Task<ImmutableArray<TAuthorization>> FindAsync(
+            [NotNull] string subject, [NotNull] string client,
+            ImmutableArray<string> scopes, CancellationToken cancellationToken)
+        {
+            if (string.IsNullOrEmpty(subject))
+            {
+                throw new ArgumentException("The subject cannot be null or empty.", nameof(subject));
+            }
+
+            if (string.IsNullOrEmpty(client))
+            {
+                throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));
+            }
+
+            return Store.FindAsync(subject, client, scopes, cancellationToken);
+        }
+
         /// <summary>
         /// Retrieves an authorization using its unique identifier.
         /// </summary>
diff --git a/src/OpenIddict.Core/Stores/IOpenIddictAuthorizationStore.cs b/src/OpenIddict.Core/Stores/IOpenIddictAuthorizationStore.cs
index 639b62c1..94e0146b 100644
--- a/src/OpenIddict.Core/Stores/IOpenIddictAuthorizationStore.cs
+++ b/src/OpenIddict.Core/Stores/IOpenIddictAuthorizationStore.cs
@@ -75,6 +75,22 @@ namespace OpenIddict.Core
         /// </returns>
         Task<ImmutableArray<TAuthorization>> FindAsync([NotNull] string subject, [NotNull] string client, CancellationToken cancellationToken);
 
+        /// <summary>
+        /// Retrieves the authorizations corresponding to the specified subject, associated with
+        /// the application identifier and for which the specified scopes have been granted.
+        /// </summary>
+        /// <param name="subject">The subject associated with the authorization.</param>
+        /// <param name="client">The client associated with the authorization.</param>
+        /// <param name="scopes">The minimal scopes associated with the authorization.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result
+        /// returns the authorizations corresponding to the specified subject/client/scopes.
+        /// </returns>
+        Task<ImmutableArray<TAuthorization>> FindAsync(
+            [NotNull] string subject, [NotNull] string client,
+            ImmutableArray<string> scopes, CancellationToken cancellationToken);
+
         /// <summary>
         /// Retrieves an authorization using its unique identifier.
         /// </summary>
diff --git a/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs b/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
index 520053ba..acdd7e25 100644
--- a/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
+++ b/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
@@ -5,6 +5,7 @@
  */
 
 using System;
+using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.ComponentModel;
 using System.Linq;
@@ -111,6 +112,46 @@ namespace OpenIddict.Core
                 (key: ConvertIdentifierFromString(client), principal: subject), cancellationToken);
         }
 
+        /// <summary>
+        /// Retrieves the authorizations corresponding to the specified subject, associated with
+        /// the application identifier and for which the specified scopes have been granted.
+        /// </summary>
+        /// <param name="subject">The subject associated with the authorization.</param>
+        /// <param name="client">The client associated with the authorization.</param>
+        /// <param name="scopes">The minimal scopes associated with the authorization.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation, whose result
+        /// returns the authorizations corresponding to the specified subject/client/scopes.
+        /// </returns>
+        public virtual async Task<ImmutableArray<TAuthorization>> FindAsync(
+            [NotNull] string subject, [NotNull] string client,
+            ImmutableArray<string> scopes, CancellationToken cancellationToken)
+        {
+            if (string.IsNullOrEmpty(subject))
+            {
+                throw new ArgumentException("The subject cannot be null or empty.", nameof(subject));
+            }
+
+            if (string.IsNullOrEmpty(client))
+            {
+                throw new ArgumentException("The client cannot be null or empty.", nameof(client));
+            }
+
+            var builder = ImmutableArray.CreateBuilder<TAuthorization>();
+
+            foreach (var authorization in await FindAsync(subject, client, cancellationToken))
+            {
+                var set = new HashSet<string>(await GetScopesAsync(authorization, cancellationToken), StringComparer.Ordinal);
+                if (set.IsSupersetOf(scopes))
+                {
+                    builder.Add(authorization);
+                }
+            }
+
+            return builder.ToImmutable();
+        }
+
         /// <summary>
         /// Retrieves an authorization using its unique identifier.
         /// </summary>