There is a bug in the new V3 OAuth2 API. The server is not accepting URL encoded strings. In particular, the scopes must be separated by a plus sign (+). As an properly encode URL, they should be %2B, but that does not work. You have to pass them as an actual plus (+) sign.
This used to work correctly in the previous version of the OAuth2 API, but appears to have been broken with the new PKCE end points. I have a workaround (use + instead of %2B), but I think this should be fixed.
More details here: https://community.constantcontact.com/t5/Developer-Support-ask-questions/One-or-more-scopes-are-not-...
Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.
We greatly appreciate you bringing this to our attention. It looks like we have already reported this issue to our development team in response to your previous post: https://community.constantcontact.com/t5/Developer-Support-ask-questions/One-or-more-scopes-are-not-...
Please have a look and let us know if you have any other questions!
View API documentation, code samples, get your API key.Visit Page
Join our list to be notified of new features and updates to our V3 API.Sign Up