With Spring Security OAuth2, how to restrict access to only certain types of users

Scenario: We are using Spring Security 2 with OAuth2 integration on our system. There are different types of users and different internal and external OAuth clients on the system. Some of these clients only need user type A to be able to log in, while others only want to allow type B.

The question: I am considering various places to implement this logic, and the only place where I can see how to get both the user name and the client is the ApprovalStore interface, which means that I can potentially implement an ApprovalStore which returns an empty approval for undesirable combinations.

Is this the right place or is there a better place to put this logic?
