let url = new URL("https://example.com?foo=1&bar=2");
undefined
url.searchParams.set("scope", "a b c")
undefined
url.toString()
"https://example.com/?foo=1&bar=2&scope=a+b+c"
url.href.replace("+", "%20")
"https://example.com/?foo=1&bar=2&scope=a%20b+c"
I may be able to implement this bug fix.
To Reproduce
Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
Describe the bug There is a problem in processing the delimiter in the scope parameter of the authorization request. The method for generating the authorization request URL has been changed by the following commit. This also seems to add processing to replace
+
with%20
. However, it seems that only one space is replaced. https://github.com/panva/node-openid-client/commit/a9d3a87d2727bb37a535aeac9da9851ffdef8613#diff-ca407d959d33ce92a7f7efee354a5ea5e6e61fcd797d32c04205e429a074ed54example:
I may be able to implement this bug fix.
To Reproduce Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
=>
Received: "https://localhost:5555/oauth2/authorize?client_id=TEST_CLIENT_ID&scope=tweet.read%20users.read+offline.access&response_type=code&redirect_uri=TEST_REDIRECT_URI&state=TEST_STATE&code_challenge=TEST_CODE_CHALLENGE&code_challenge_method=S256
Expected behaviour All delimiters are replaced correctly.
Environment:
Additional context Add any other context about the problem here.