From d2d1f494e625b7ee9c64f70165bd6d5faf28fe21 Mon Sep 17 00:00:00 2001
From: Prilkop
Date: Thu, 16 Nov 2023 23:43:48 +0200
Subject: [PATCH] fix encode_client_secret_basic to match rfc6749

added url encoding of client_id and client_secret in encode_client_secret_basic per RFC 6749: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
---
 authlib/oauth2/auth.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authlib/oauth2/auth.py b/authlib/oauth2/auth.py
index c87241a9..e4ad1804 100644
--- a/authlib/oauth2/auth.py
+++ b/authlib/oauth2/auth.py
@@ -1,4 +1,5 @@
 import base64
+from urllib.parse import quote
 from authlib.common.urls import add_params_to_qs, add_params_to_uri
 from authlib.common.encoding import to_bytes, to_native
 from .rfc6749 import OAuth2Token
@@ -6,7 +7,7 @@
 
 
 def encode_client_secret_basic(client, method, uri, headers, body):
-    text = f'{client.client_id}:{client.client_secret}'
+    text = f'{quote(client.client_id)}:{quote(client.client_secret)}'
     auth = to_native(base64.b64encode(to_bytes(text, 'latin1')))
     headers['Authorization'] = f'Basic {auth}'
     return uri, headers, body
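Review bot: The new `text = ...` line calls `quote()` with its default `safe='/'`, so a `/` inside client_id or client_secret is sent unencoded, whereas the application/x-www-form-urlencoded encoding that RFC 6749 section 2.3.1 and Appendix B require turns it into `%2F`; pass an empty safe set on both calls, `text = f"{quote(client.client_id, safe='')}:{quote(client.client_secret, safe='')}"`. Spaces come out as `%20` rather than the `+` that form-encoding produces, which a server that percent-decodes the credential still reads correctly, so that difference is tolerable but worth a one-line comment such as `# form-encode per RFC 6749 sec. 2.3.1 so ':' and non-ASCII in credentials survive Basic auth`. Unlike the f-string it replaces, `quote()` raises TypeError on a non-str value, so a client whose client_secret is `None` now fails here instead of producing `id:None`; whether any caller reaches this function with such a client cannot be seen from the hunk and should be confirmed. The `to_bytes(text, 'latin1')` that follows is fine after this change because the quoted text is pure ASCII.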