diff --git a/src/services/authFlow/OAuthState.js b/src/services/authFlow/OAuthState.js
index ead7089..4b671cd 100644
--- a/src/services/authFlow/OAuthState.js
+++ b/src/services/authFlow/OAuthState.js
@@ -10,7 +10,7 @@ export default class OAuthState extends AbstractState {
 redirectUrl: query.get('redirect_uri'),
 responseType: query.get('response_type'),
 description: query.get('description'),
- scope: query.get('scope'),
+ scope: (query.get('scope') || '').replace(',', ' '),
 prompt: query.get('prompt'),
 loginHint: query.get('login_hint'),
 state: query.get('state')
diff --git a/src/services/authFlow/OAuthState.test.js b/src/services/authFlow/OAuthState.test.js
index dfb846a..f380ed1 100644
--- a/src/services/authFlow/OAuthState.test.js
+++ b/src/services/authFlow/OAuthState.test.js
@@ -30,7 +30,7 @@ describe('OAuthState', () => {
 redirect_uri: 'redirect_uri',
 response_type: 'response_type',
 description: 'description',
- scope: 'scope',
+ scope: 'scope1 scope2',
 prompt: 'none',
 login_hint: '1',
 state: 'state'
@@ -64,7 +64,7 @@ describe('OAuthState', () => {
 const query = {
 redirect_uri: 'redirect_uri',
 response_type: 'response_type',
- scope: 'scope',
+ scope: 'scope1 scope2',
 state: 'state'
 };
@@ -94,7 +94,7 @@ describe('OAuthState', () => {
 client_id: 'client_id',
 redirect_uri: 'redirect_uri',
 response_type: 'response_type',
- scope: 'scope',
+ scope: 'scope1 scope2',
 state: 'state'
 };
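Review bot: In `src/services/authFlow/OAuthState.js`, the new `scope` line calls `replace` with a string pattern, which converts only the first comma, so an input of `scope1,scope2,scope3` would be passed on as `scope1 scope2,scope3`. Scope determines what the client is asking the user to approve, so the normalisation should cover every separator: `scope: (query.get('scope') || '').replace(/,/g, ' '),`. The test added in the `@@ -118,6 +118,34 @@` hunk of `OAuthState.test.js` uses only two scopes and passes either way; a three-scope input would pin the behaviour. The enclosing method starts and ends outside the hunk.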
@@ -118,6 +118,34 @@ describe('OAuthState', () => {
 state.enter(context);
 });
+ it('should replace commas with spaces in scope param', () => {
+ const query = {
+ client_id: 'client_id',
+ redirect_uri: 'redirect_uri',
+ response_type: 'response_type',
+ scope: 'scope1,scope2',
+ state: 'state',
+ };
+
+ context.getRequest.returns({
+ query: new URLSearchParams(query),
+ });
+
+ expectRun(
+ mock,
+ 'oAuthValidate',
+ sinon.match({
+ clientId: query.client_id,
+ redirectUrl: query.redirect_uri,
+ responseType: query.response_type,
+ scope: 'scope1 scope2',
+ state: query.state,
+ })
+ ).returns({then() {}});
+
+ state.enter(context);
+ });
+
 it('should transition to complete state on success', () => {
 const promise = Promise.resolve();
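Review bot: No case in this file covers a request that omits the `scope` parameter, which is where the new `|| ''` fallback in `OAuthState.js` changes the value handed to `oAuthValidate` from `null` to `''`. Whether the validation endpoint treats a missing scope differently from an empty one is not visible here, so the change should be pinned with a case whose `query` has no `scope` key and whose matcher asserts `scope: ''`. If `null` was meaningful to the backend, the fallback should be applied only when a value is present.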