Wrong encoding used for basic Authorization header

jumbojett / OpenID-Connect-PHP

Minimalist OpenID Connect client

https://github.com/jumbojett/OpenID-Connect-PHP

Apache License 2.0

607 stars 365 forks source link

Wrong encoding used for basic Authorization header #359

Open mazocode opened 1 year ago

mazocode commented 1 year ago

The header is generated by url encoding the username and password before base64 encoding. This is wrong and may result in authentication errors with special characters within username or credentials.

See requestTokens() and others in OpenIDConnectClient.php

azmeuk commented 1 year ago

Hi. Thank you for your report. Would you consider submitting a PR including a test demonstrating the authentication errors you are referring to?