I'm fairly new to it as well, but you need to configure it to use an identity server provider such as Google/Thinktecture Identity Server/LinkedIn/Facebook or others. So in other words, you need something to say "who" is logged in that the authorization server trusts, and then the authorization server will provide the tokens with scopes.
You have to modify the \Configuration\identityModel.services.config file to point to the correct URL of whatever identity provider you want to use.
If you want to have your own identity provider, Thinktecture also has Identity Server v2, which will work great: https://github.com/thinktecture/Thinktecture.IdentityServer.v2