https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104716#M1826 <P>Might be a silly idea, but have you tried %20 instead of the + for the space delimiter in your scope list?</P> Wed, 06 Jan 2021 02:21:54 GMT ktuli44 2021-01-06T02:21:54Z https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5103796#M1817 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp; &nbsp;I am trying to use the Oauth2 / OIDC authentication provided by spotify. <A href="https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest" target="_self">According to OpenID Connect documentation</A>, the parameter scope is not optional, but required. I am using a quarkus extension who passes "oidc" as value to this parameter (as defined in openid connect documentation), but the <A href="https://developer.spotify.com/documentation/general/guides/authorization-guide/" target="_self">spotify's webapi</A> is returning a message :&nbsp;</P><P>&nbsp;</P><P>"illegal scope"</P><P>&nbsp;</P><P>for my url :</P><P><BR /><SPAN>"&amp;scope=openid+user-read-private+user-read-email"</SPAN></P><P>&nbsp;</P><P>&nbsp; &nbsp; &nbsp;but the scope openid is not really "illegal", according to the docs. How could I workaround this issue? The api isn't suppose to accept this value?</P><P>&nbsp;</P><P>Kind Regards,&nbsp;</P><P>&nbsp;</P><P>Rafael</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 04 Jan 2021 19:19:00 GMT https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5103796#M1817 rafaeland 2021-01-04T19:19:00Z https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104127#M1822 <P>Hey <a href="https://community.spotify.com/t5/user/viewprofilepage/user-id/24252003">@rafaeland</a>, thanks for posting here!<BR /><BR /></P><P>Let's dive right into this. I've taken a look and the documentation for the OpenID Connect Core states: '<EM>OpenID Connect requests MUST contain the openid</EM><SPAN><EM> scope value</EM>'. It sounds like this is specific to this product from OpenID.&nbsp;</SPAN></P><P>&nbsp;</P><P>OAuth is a standard which is implemented by multiple services. Their implementation might differ a bit. The standard is described here: <A href="https://tools.ietf.org/html/rfc6749" target="_blank" rel="noopener">https://tools.ietf.org/html/rfc6749</A>.</P><P>&nbsp;</P><P>Let me know if you have any questions!</P><P>&nbsp;</P><P>Have a good one,</P><P>Hubo&nbsp;</P> Tue, 05 Jan 2021 10:40:01 GMT https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104127#M1822 Hubo 2021-01-05T10:40:01Z https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104243#M1824 <P>Hi, thank you for the prompt answer.</P><P>&nbsp;</P><P>&nbsp; &nbsp; &nbsp;OIDC is an implementation of OAuth2, not the specification per see... I think you're right. Let me investigate further from my side on how can I use pure OAuth2.&nbsp;</P><P>&nbsp;</P><P>Kind regards,&nbsp;</P> Tue, 05 Jan 2021 12:47:19 GMT https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104243#M1824 rafaeland 2021-01-05T12:47:19Z https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104716#M1826 <P>Might be a silly idea, but have you tried %20 instead of the + for the space delimiter in your scope list?</P> Wed, 06 Jan 2021 02:21:54 GMT https://community.spotify.com/t5/Spotify-for-Developers/scope-parameter-should-not-be-optional/m-p/5104716#M1826 ktuli44 2021-01-06T02:21:54Z