Hello Michele,
That's correct! Our Sandbox is associated with the Production instance of the Authorization server, so you would not be able to test this until it becomes GA.
However, you can mimic this by editing your development app in the code portal and removing some of the authorized scopes. The app would still request the full set, but only a subset would be granted due to the configuration. This would result in the same authorization workflow as a patient redacting the scopes.
If you have any additional questions, let us know!