An authorization server, comprises: receiving from a client an authorization request in which a scope group, with which one or a plurality of scopes that define an extent for using a Web service are associated, is designated; presenting to a user, in a case where one or more scopes among the one or a plurality of scopes associated with the scope group are included in an extent of an authority that the user has, a screen for accepting an authorization operation corresponding to the authorization request; issuing to the client, in accordance with accepting the authorization operation of the user corresponding to the authorization request via the screen, authorization information relating to the scope group; and issuing, in accordance with accepting an authorization token request based on the issued authorization information, an authorization token corresponding to the scope group.