Adobe Experience Manager Sites & More

I have an application that works with AEM Assets (uploading and downloading) and I want to use an actual access token instead of the Local Development Token that the AEM instance provides.
I am using those topics as an example:
https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...

https://labs.tadigital.com/index.php/2017/08/18/aem-as-oauth-server-part-1-setting-up-scopes/

https://labs.tadigital.com/index.php/2017/09/06/aem-as-oauth-server-part-2-testing-oauth/

Everything works on my localhost:4502 instance, but I want to implement it on my type of https://author-p#####-e######.adobeaemcloud.com/ instance and I have faced several problems and I have a few questions.

1. I don't have an access to the server config settings in CRDXE lite -> Tools where I should enable the OAuth Server Authentication Handler. I am getting 403 even with admin rights. Should I enable some additional permissions? Is it what Adobe Support can me help with? The environment was created and provided by Adobe.

2. I don't know how to develop and deploy an application that will enable custom scopes so they will appear on my instance. Is there any documentation for this?

3. Is it possible to implement custom scopes using Adobe Experience Manager UI? We are developing and testing our application against our own instance but our plan is to make an application that will work with others' AEM as Cloud Service instances.

Thanks in advance.