Invalid scopes

[BrunoM24]

I'm getting an error saying that the scopes are invalid, but I think the problem is the encoding

UserManager:

const userManager = new UserManager({ client_id: import.meta.env.VITE_CLIENT_ID, authority: import.meta.env.VITE__AUTH, redirect_uri: import.meta.env.VITE_REDIRECT_URL, scope: 'openid profile email', response_type: 'code', userStore: new WebStorageStateStore({ store: localStorage }) })

parms sent on the request:

client_id: xxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
redirect_uri: https://xxxxxx.xxx/login-completed
response_type: code
scope: openid profile email
state: ac2551245239411dbb6c6de77d7f14df
code_challenge: tcXobU0N1tYsUeCTojFfWSr1oXVEKlP52yAxV4lmxVw
code_challenge_method: S256

The request sent by the lib:

https://xxxxxxxxxxx.xx/affwebservices/CASSO/oidc/xxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/authorize?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx&redirect_uri=https%3A%2F%2Fxxxxxxx.xx%2Flogin-completed&response_type=code&scope=openid+profile+email&state=ac2551245239411dbb6c6de77d7f14df&code_challenge=tcXobU0N1tYsUeCTojFfWSr1oXVEKlP52yAxV4lmxVw&code_challenge_method=S256

The scope are being sent like "scope=openid+profile+email"

I think the spaces should have been replaces by "%20" instead of "+"

[pamapa]

The affected code is here:

oidc-client-ts/src/SigninRequest.ts

Lines 113 to 119 in 81959b1

	const parsedUrl = new URL(url);
	parsedUrl.searchParams.append("client_id", client_id);
	parsedUrl.searchParams.append("redirect_uri", redirect_uri);
	parsedUrl.searchParams.append("response_type", response_type);
	parsedUrl.searchParams.append("scope", scope);
	if (nonce) {
	parsedUrl.searchParams.append("nonce", nonce);

Using the official URL class. So i do not think this is wrong. And this is working with a lot of IdPs already. What kind of IdP are you using?

A space can be encoded with a plus (+) sign or with %20.