Change default scope separator to space

[bastnic]

I'm not sure about this PR but I'm facing an issue it seems nobody else have.

Currently, the auth call is https://<keycloak url>/auth/realms/<realm>/protocol/openid-connect/auth?scope=email%2Copenid%2Cprofile%2Coffline_access%2Cphone&state=<state>&response_type=code&approval_prompt=auto&redirect_uri=<url encoded redirect uri>&client_id=<client> because the scope separator is the comma and the urlencode is PHP_QUERY_RFC3986.

This results by Keycloak not following the scope given and only returning the default one (email and profile in my case). So I get a Refresh refresh token and not an Offline as asked.

Changing the scope separator to be a space fix it for me.

I don't think it's relevant but I've some layers of AWS cloudfront / ALB before getting to Keycloak.

[andheiberg-gelato]

@stevenmaguire could you merge this?

This is needed. The code as is does not follow the KeyCloak spec.

https://www.keycloak.org/docs/latest/server_admin/#example

The scope parameter contains the string, with the scope values divided by space (which is also the reason why a client scope name cannot contain a space character in it).

[mstefan21]

Hi, This week I will prepare release of new version with this, because space is as separator from keycloak version 9 and higher

[mstefan21]

merged as new release 2.2.0