https://github.com/GluuFederation/oxAuth/issues/677#issuecomment-360866197
Clarifying the above change, oxAuth is URL decoding the clientId and clientSecret so it will work with both cases:
```
Base64Encode(URLEncode(clientId) + ":" + URLEncode(clientSecret))
Base64Encode(clientId + ":" + clientSecret)
```
https://github.com/GluuFederation/oxAuth/commit/6431ada6ede8fa2e338b0f40896bf3f31a473333
```
username = URLDecoder.decode(token.substring(0, delim), Util.UTF8_STRING_ENCODING);
password = URLDecoder.decode(token.substring(delim + 1), Util.UTF8_STRING_ENCODING);
```
Also, to make it clearer, I have now added a new test case using HTTP Basic Authentication in oxAuth that URL-encodes the client ID and client secret before performing the Base64 encoding:
```
Base64Encode(URLEncode(clientId) + ":" + URLEncode(clientSecret))
Base64Encode(URLEncode("@!90CC.2E38.774C.610B!0001!FD3B.B0A0!0008!B011.91DC.5EAA.D899") + ":" + URLEncode("3fc14805-7bdb-4ce0-9861-f6ead000ac73"))
Base64Encode("%40%2190CC.2E38.774C.610B%210001%21FD3B.B0A0%210008%21B011.91DC.5EAA.D899" + ":" + "3fc14805-7bdb-4ce0-9861-f6ead000ac73")
Base64Encode("%40%2190CC.2E38.774C.610B%210001%21FD3B.B0A0%210008%21B011.91DC.5EAA.D899:3fc14805-7bdb-4ce0-9861-f6ead000ac73")
JTQwJTIxOTBDQy4yRTM4Ljc3NEMuNjEwQiUyMTAwMDElMjFGRDNCLkIwQTAlMjEwMDA4JTIxQjAxMS45MURDLjVFQUEuRDg5OTozZmMxNDgwNS03YmRiLTRjZTAtOTg2MS1mNmVhZDAwMGFjNzM=
```
https://github.com/GluuFederation/oxAuth/commit/227f79d8aba8e5a7c15151eb4083243e583aa308#diff-58a42c9f996cf0170d1de06a81d5580fR87
```
POST /restv1/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: ce.gluu.info
Authorization: Basic JTQwJTIxOTBDQy4yRTM4Ljc3NEMuNjEwQiUyMTAwMDElMjFGRDNCLkIwQTAlMjEwMDA4JTIxQjAxMS45MURDLjVFQUEuRDg5OTozZmMxNDgwNS03YmRiLTRjZTAtOTg2MS1mNmVhZDAwMGFjNzM=

grant_type=authorization_code&code=f327363e-de4e-4408-ad18-6fadf4e3f32a&redirect_uri=https%3A%2F%2Fce.gluu.info%3A8443%2Foxauth-rp%2Fhome.htm
```
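The two client-side forms and the server-side decode described in this comment, as an added Python example that is not oxAuth code. `unquote_plus` stands in for Java's `URLDecoder.decode`, the function names are hypothetical, and `TRICKY_SECRET` is a constructed value showing that a secret containing `+` or `%` only round-trips when the client sends the URL-encoded form.

```python
import base64
from urllib.parse import quote_plus, unquote_plus

# Client ID and secret are the sample values from the comment above.
CLIENT_ID = "@!90CC.2E38.774C.610B!0001!FD3B.B0A0!0008!B011.91DC.5EAA.D899"
CLIENT_SECRET = "3fc14805-7bdb-4ce0-9861-f6ead000ac73"
TRICKY_SECRET = "a+b%41c"  # constructed: contains form-encoding metacharacters


def basic_header(client_id, client_secret, url_encode=True):
    """Client side: build the Authorization value in either form."""
    if url_encode:
        client_id = quote_plus(client_id)
        client_secret = quote_plus(client_secret)
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value):
    """Server side: Base64-decode, split on the first ':', URL-decode each half."""
    scheme, _, b64 = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    token = base64.b64decode(b64.strip(), validate=True).decode("utf-8")
    delim = token.find(":")
    if delim == -1:
        raise ValueError("missing ':' separator")
    return unquote_plus(token[:delim]), unquote_plus(token[delim + 1:])


def survives(client_id, client_secret, url_encode):
    """True if the server recovers exactly the credentials the client holds."""
    header = basic_header(client_id, client_secret, url_encode)
    return parse_basic_header(header) == (client_id, client_secret)


if __name__ == "__main__":
    for secret in (CLIENT_SECRET, TRICKY_SECRET):
        for enc in (True, False):
            ok = survives(CLIENT_ID, secret, enc)
            print(f"secret={secret!r} url_encode={enc} round_trips={ok}")
```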