diff --git a/packages/app/services/authFlow/OAuthState.test.ts b/packages/app/services/authFlow/OAuthState.test.ts
index c6700a9..23d17e5 100644
--- a/packages/app/services/authFlow/OAuthState.test.ts
+++ b/packages/app/services/authFlow/OAuthState.test.ts
@@ -123,7 +123,7 @@ describe('OAuthState', () => {
         client_id: 'client_id',
         redirect_uri: 'redirect_uri',
         response_type: 'response_type',
-        scope: 'scope1,scope2',
+        scope: 'scope1,scope2,scope3',
         state: 'state',
       };
 
@@ -138,7 +138,7 @@ describe('OAuthState', () => {
           clientId: query.client_id,
           redirectUrl: query.redirect_uri,
           responseType: query.response_type,
-          scope: 'scope1 scope2',
+          scope: 'scope1 scope2 scope3',
           state: query.state,
         }),
       ).returns({ then() {} });
diff --git a/packages/app/services/authFlow/OAuthState.ts b/packages/app/services/authFlow/OAuthState.ts
index b5d591c..a0a142d 100644
--- a/packages/app/services/authFlow/OAuthState.ts
+++ b/packages/app/services/authFlow/OAuthState.ts
@@ -11,7 +11,7 @@ export default class OAuthState extends AbstractState {
         redirectUrl: query.get('redirect_uri'),
         responseType: query.get('response_type'),
         description: query.get('description'),
-        scope: (query.get('scope') || '').replace(',', ' '),
+        scope: (query.get('scope') || '').replace(/,/g, ' '),
         prompt: query.get('prompt'),
         loginHint: query.get('login_hint'),
         state: query.get('state'),