Scope separator: DocuSign expects URL encoded spaces

[jeff00seattle]

This is a scoping separator issue that either DocuSign identity service or this passport-docusign module needs to resolve.

DocuSign identity service handling of scope expects not commas but URL encoded spaces.

I am working on a service that uses DocuSign identity service to authenticate to use CLM, which requires SpringCM scoping:

• spring_read
• spring_write

It expects the scoping separation to be URL encoded spaces '%20'. scope=spring_read%20spring_write

passport-docusign default scope formatted does not work to permit access to SpringCM API using DocuSign access token: scope=spring_read%2Cspring_write

• Not '+'
• Not commas ','
• Not URL encoded commas '%2C'

[LarryKlugerDS]

Have you tried setting the Passport OAuth2 options attribute scopeSeparator ?

I think you're right that the default setting in strategy.js should be updated to %20

But it looks like you can set it explicitly.

[LarryKlugerDS]

... And you set the options.scope to an array with your desired scopes. See Line 230 of the OAuth2 strategy

[jeff00seattle]

@LarryKlugerDS

DocuSign api documentation lists scopes separated by url-encoded space '%20' : https://developers.docusign.com/orgadmin-api/guides/auth

[jeff00seattle]

@LarryKlugerDS, @mmallis87 ,

In order to be able to access DocuSign CLM via SpringCM API v2, it requires a DocuSign access token with both of the following scopes:

• spring_read
• spring_write

As mentioned in the previous comment, DocuSign api documentation lists scopes separated by url-encoded space'%20', example using aforementioned DocuSign scopes expected for accessing SpringCM using DocuSign access token, this works if formatted as follows:

Valid: spring_read%20spring_write

For passport-docusign, as mentioned, default comma ',' is not allowed for DocuSign api scope separation and does not work for SpringCM scoping. Comma separation is common for other Auth Grant providers: Google, Microsoft, Box, and Dropbox to name a few.

Not valid: &scope=spring_read%2Cspring_write&

For passport-docusign, if I used scopeSeparator: ' ', then it generates '+' instead. Even though considered a valid URL separator for spaces, it is not valid for DocuSign API scope separation, expecting instead '%20'.

Not valid: &scope=spring_read+spring_write&

[LarryKlugerDS]

Hi Jeff! Am I right that you fixed this issues with your PRs and added tests?

Thank you very much for your help with this project, Larry

[LarryKlugerDS]

+ is now supported as a scope separator in addition to %20