Stream: smart
Topic: scope list separator, + or %20?
Mikael Rinnetmäki (Jan 19 2021 at 11:43):
I got a request from #finnish PHR to change the list of scopes in our authorization request to be separated by the plus sign (+) instead of the encoded space character (%20).
Any views on this? Does a plus sign work equally well across existing SMART implementations? How about existing libraries, what's their default behavior and is it easy enough to change that if required?
Mikael Rinnetmäki (Jan 19 2021 at 11:45):
OpenID specification example at https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1 uses %20, the FHIR example at http://www.hl7.org/fhir/smart-app-launch/#for-example-2 uses +.
Jenni Syed (Jan 19 2021 at 16:04):
I believe it's supposed to be %20... trying to find where it describes how those are escaped
Michele Mottini (Jan 19 2021 at 16:07):
Wouldn't that just be the URL encoding standard? https://tools.ietf.org/html/rfc3986#page-11 - nothing really specific to SMART
Jenni Syed (Jan 19 2021 at 16:09):
https://tools.ietf.org/html/rfc6749#appendix-B is descriptive mostly for body
Jenni Syed (Jan 19 2021 at 16:11):
And yes, I would expect this to be URL encoded, which is the %20 and not +
Josh Mandel (Jan 19 2021 at 17:08):
https://stackoverflow.com/q/1634271 has a great discussion of the complexity here. I think that:
1) Our examples should use %20 for spaces in query param values
2) Servers should probably be ready to deal with + or %20 in query param values
Josh Mandel (Jan 19 2021 at 17:08):
Somebody want to submit a pull request? ;-)
Last updated: Apr 12 2022 at 19:14 UTC
