Skip to content

Using URLDecoder for HTTP Basic Authorization in spring authorization server #2190

New issue
New issue
Open
Open
Using URLDecoder for HTTP Basic Authorization in spring authorization server#2190
Labels
type: bugA general bug
@ZuoJunLN

Description

@ZuoJunLN
ZuoJunLN
opened on Sep 9, 2025

Describe the bug
In file ClientSecreBasicAuthenticationConverter.java line 85, in here using URLDecoder to decode client secret, it will require the password can't contain "+".

To Reproduce
when you use client credential which include "+" in password, it will fail the authorization

Expected behavior
instead of using URLDecoder, can we use Base64?

Sample

Metadata

Metadata

Assignees

No one assigned

    Labels

    type: bugA general bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions