diff --git a/packages/arcgis-rest-auth/src/UserSession.ts b/packages/arcgis-rest-auth/src/UserSession.ts
index d470333b18..a458e6655f 100644
--- a/packages/arcgis-rest-auth/src/UserSession.ts
+++ b/packages/arcgis-rest-auth/src/UserSession.ts
@@ -376,7 +376,7 @@ export class UserSession implements IAuthenticationManager {
     const expires = new Date(
       Date.now() + parseInt(match[2], 10) * 1000 - 60 * 1000
     );
-    const username = match[3];
+    const username = decodeURIComponent(match[3]);
 
     return completeSignIn(null, {
       token,
diff --git a/packages/arcgis-rest-auth/test/UserSession.test.ts b/packages/arcgis-rest-auth/test/UserSession.test.ts
index 1824d54798..da8200297e 100644
--- a/packages/arcgis-rest-auth/test/UserSession.test.ts
+++ b/packages/arcgis-rest-auth/test/UserSession.test.ts
@@ -488,7 +488,7 @@ describe("UserSession", () => {
       const MockWindow = {
         location: {
           href:
-            "https://example-app.com/redirect-uri#access_token=token&expires_in=1209600&username=c@sey&persist=true"
+            "https://example-app.com/redirect-uri#access_token=token&expires_in=1209600&username=c%40sey&persist=true"
         },
         get parent() {
           return this;
@@ -527,7 +527,7 @@ describe("UserSession", () => {
         },
         location: {
           href:
-            "https://example-app.com/redirect-uri#access_token=token&expires_in=1209600&username=c@sey"
+            "https://example-app.com/redirect-uri#access_token=token&expires_in=1209600&username=c%40sey"
         }
       };
 
@@ -557,7 +557,7 @@ describe("UserSession", () => {
         },
         location: {
           href:
-            "https://example-app.com/redirect-uri#access_token=token&expires_in=1209600&username=c@sey"
+            "https://example-app.com/redirect-uri#access_token=token&expires_in=1209600&username=c%40sey"
         }
       };