Hotfix: urlencode credentials in clientSecret

thomasvargiu · thomasvargiu · commit 4ccd1e6897a7 · 2021-02-02T16:47:51.000+01:00
diff --git a/src/AuthMethod/ClientSecretBasic.php b/src/AuthMethod/ClientSecretBasic.php
@@ -31,7 +31,7 @@ public function createRequest(
 
         $request = $request->withHeader(
             'Authorization',
-            'Basic ' . base64_encode($clientId . ':' . $clientSecret)
+            'Basic ' . base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret))
         );
 
         $request->getBody()->write(http_build_query($claims));
diff --git a/tests/AuthMethod/ClientSecretBasicTest.php b/tests/AuthMethod/ClientSecretBasicTest.php
@@ -32,10 +32,10 @@ public function testCreateRequest(): void
         $metadata = $this->prophesize(ClientMetadataInterface::class);
 
         $client->getMetadata()->willReturn($metadata->reveal());
-        $metadata->getClientId()->willReturn('foo');
-        $metadata->getClientSecret()->willReturn('bar');
+        $metadata->getClientId()->willReturn('fooo');
+        $metadata->getClientSecret()->willReturn('bar%');
 
-        $request->withHeader('Authorization', 'Basic ' . base64_encode('foo:bar'))
+        $request->withHeader('Authorization', 'Basic ' . base64_encode('fooo:bar%25'))
             ->shouldBeCalled()
             ->willReturn($requestWithHeader->reveal());
 
