Hotfix: urlencode credentials in clientSecret

facile-it · Feb 2, 2021 · 4ccd1e6 · 4ccd1e6
1 parent 41dfc39
commit 4ccd1e6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/src/AuthMethod/ClientSecretBasic.php b/src/AuthMethod/ClientSecretBasic.php
@@ -31,7 +31,7 @@ public function createRequest(
 
         $request = $request->withHeader(
             'Authorization',
-            'Basic ' . base64_encode($clientId . ':' . $clientSecret)
+            'Basic ' . base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret))
         );
 
         $request->getBody()->write(http_build_query($claims));

diff --git a/tests/AuthMethod/ClientSecretBasicTest.php b/tests/AuthMethod/ClientSecretBasicTest.php
@@ -32,10 +32,10 @@ public function testCreateRequest(): void
         $metadata = $this->prophesize(ClientMetadataInterface::class);
 
         $client->getMetadata()->willReturn($metadata->reveal());
-        $metadata->getClientId()->willReturn('foo');
-        $metadata->getClientSecret()->willReturn('bar');
+        $metadata->getClientId()->willReturn('fooo');
+        $metadata->getClientSecret()->willReturn('bar%');
 
-        $request->withHeader('Authorization', 'Basic ' . base64_encode('foo:bar'))
+        $request->withHeader('Authorization', 'Basic ' . base64_encode('fooo:bar%25'))
             ->shouldBeCalled()
             ->willReturn($requestWithHeader->reveal());