you are encoding the URL where you shouldn’t be/where other encoding already processed
Try
Or don’t use URLSearchParam
With scopes you need to literally send + and : not their encoded forms.
Covered on, some really old posts after searching the forums to be sure