use the same encoding as on client side

see OIDCAuthenticationFilter line 336
8 years ago · a7b2b7cbea
1 changed files with 1 additions and 1 deletions
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
@ -68,7 +68,7 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService {

 			if (client != null) {

-				String encodedPassword = UriUtils.encodeQueryParam(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
+				String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");

 				if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
 						(client.getTokenEndpointAuthMethod() != null &&