Fix basic authentication to use the formurl encoding

kevinchalet · kevinchalet · commit 17bce1460b97 · 2018-05-30T17:38:06.000+02:00
diff --git a/src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs b/src/AspNet.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs
@@ -411,7 +411,20 @@ private async Task<JObject> GetIntrospectionPayloadAsync(string token)
             // See https://tools.ietf.org/html/rfc6749#section-2.3.1 for more information.
             else
             {
-                var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes($"{Options.ClientId}:{Options.ClientSecret}"));
+                string EscapeDataString(string value)
+                {
+                    if (string.IsNullOrEmpty(value))
+                    {
+                        return null;
+                    }
+
+                    return Uri.EscapeDataString(value).Replace("%20", "+");
+                }
+
+                var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(
+                    string.Concat(
+                        EscapeDataString(Options.ClientId), ":",
+                        EscapeDataString(Options.ClientSecret))));
 
                 request.Headers.Authorization = new AuthenticationHeaderValue(OAuthIntrospectionConstants.Schemes.Basic, credentials);
             }
diff --git a/src/Owin.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs b/src/Owin.Security.OAuth.Introspection/OAuthIntrospectionHandler.cs
@@ -373,7 +373,20 @@ private async Task<JObject> GetIntrospectionPayloadAsync(string token)
             // See https://tools.ietf.org/html/rfc6749#section-2.3.1 for more information.
             else
             {
-                var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes($"{Options.ClientId}:{Options.ClientSecret}"));
+                string EscapeDataString(string value)
+                {
+                    if (string.IsNullOrEmpty(value))
+                    {
+                        return null;
+                    }
+
+                    return Uri.EscapeDataString(value).Replace("%20", "+");
+                }
+
+                var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(
+                    string.Concat(
+                        EscapeDataString(Options.ClientId), ":",
+                        EscapeDataString(Options.ClientSecret))));
 
                 request.Headers.Authorization = new AuthenticationHeaderValue(OAuthIntrospectionConstants.Schemes.Basic, credentials);
             }
