can't remove scope from request

[mbrinkl]

Any reason scope cannot be removed from request? If undefined in config, it defaults to empty string.

react-oauth2-pkce/src/authConfig.ts

Line 14 in 8acce0f

scope = '',

[sebastianvitterso]

Is there any reason why you don't want this scope as part of the request? Feel free to elaborate your needs a bit more, and we'll look into it!

[mbrinkl]

For my purposes, I later realized i could send scope as 'read write' and have same result as sending no scope. So this doesn't matter as much for me anymore.

I did find another similar issue on another oauth repo though, up to you what you want to do. mulesoft-labs/js-client-oauth2#98

[soofstad]

I agree that this should be considered a bug. For most servers the current behaviour does not cause any issues, but I see no reason why we shouldn't adhere to the spec on this.
Will you look into a fix @sebastianvitterso ? If not I can have a look in a few weeks time. Also, for some badly implemented servers, empty string should be considered a valid value that will be sent from client.

[jwill490]

@soofstad in my case, I'm accessing a Forgerock auth server that throws a 400 error when "scope" is in the request for the auth token. Is there anyway to disable the scope parameter for only the auth token request, while leaving it in the auth code request?

I imagine this is an edge case, but please let me know if you have any suggestions.