Although this header was base64 encoded, the OAuth spec requires
that it also be URL encoded. This was causing client credentials
that contained special characters (e.g. +) to be rejected by UAA:
{"error":"uaa get token: bad response, code 401: {\"error\":\"unauthorized\",\"error_description\":\"Bad credentials\"}","level":"error","msg":"fetching","time":"2020-02-18T23:49:41Z"}
The client identifier is encoded using the
"application/x-www-form-urlencoded" encoding algorithm per
Appendix B, and the encoded value is used as the username; the client
password is encoded using the same algorithm and used as the
password.
https://tools.ietf.org/html/rfc6749#section-2.3.1
Related: https://github.com/golang/oauth2/issues/320
Tracker Story: #171268188
Thanks to @joshuatcasey for helping me make sense of the OAuth spec!
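The encoding order described in the commit message, as an added example that is not code from this commit or from UAA: each credential is form-urlencoded, then the pair is base64 encoded. The function names and the `serverDecode` model of an RFC-following token endpoint are assumptions made for illustration, and the credentials are constructed samples.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// naiveBasic builds the header with base64 only (the behaviour before the fix).
func naiveBasic(id, secret string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(id+":"+secret))
}

// rfcBasic form-urlencodes each credential first, per RFC 6749 section 2.3.1.
func rfcBasic(id, secret string) string {
	raw := url.QueryEscape(id) + ":" + url.QueryEscape(secret)
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(raw))
}

// serverDecode is a hypothetical model of a spec-following token endpoint:
// base64-decode, split on the first ':', then form-urldecode both halves.
func serverDecode(header string) (string, string, error) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", errors.New("not a Basic credential")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2)
	if len(parts) != 2 {
		return "", "", errors.New("missing ':' separator")
	}
	id, err := url.QueryUnescape(parts[0])
	if err != nil {
		return "", "", err
	}
	secret, err := url.QueryUnescape(parts[1])
	return id, secret, err
}

func main() {
	id, secret := "app:prod", "pa+ss word" // constructed sample credentials
	for _, h := range []string{naiveBasic(id, secret), rfcBasic(id, secret)} {
		gotID, gotSecret, err := serverDecode(h)
		fmt.Printf("id=%q secret=%q err=%v match=%v\n", gotID, gotSecret, err, gotID == id && gotSecret == secret)
	}
}
```

With the base64-only header the server sees `+` as a space and splits a client ID containing `:` in the wrong place, so the comparison fails even though the client sent the right secret.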