From 63c9fb698912dd7c87eaaa7979640fead1cb3694 Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang <me@lepture.com>
Date: Sat, 24 Aug 2024 13:59:11 +0900
Subject: [PATCH] fix(oauth2): unquote username and password for basic auth

---
 authlib/oauth2/rfc6749/util.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authlib/oauth2/rfc6749/util.py b/authlib/oauth2/rfc6749/util.py
index a216fbf3..d7bc5d91 100644
--- a/authlib/oauth2/rfc6749/util.py
+++ b/authlib/oauth2/rfc6749/util.py
@@ -1,5 +1,6 @@
 import base64
 import binascii
+from urllib.parse import unquote
 from authlib.common.encoding import to_unicode
 
 
@@ -36,5 +37,5 @@ def extract_basic_authorization(headers):
         return None, None
     if ':' in query:
         username, password = query.split(':', 1)
-        return username, password
+        return unquote(username), unquote(password)
     return query, None