
fix: basic scheme rejects special characters #760

Closed

Conversation

@james-d-elliott (Contributor) commented Jul 21, 2023

Fixes an issue where the basic auth scheme rejects special characters in the base64 decoded username/password.

Related Issue or Design Document

Fixes #753

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added the necessary documentation within the code base (if appropriate).

Further comments

@james-d-elliott james-d-elliott marked this pull request as ready for review August 4, 2023 04:07
@aeneasr (Member) left a comment


I don't think this implementation is correct and in fact breaks BC due to the missing QueryUnescape.

Clients in possession of a client password MAY use the HTTP Basic
authentication scheme as defined in [RFC2617] to authenticate with
the authorization server. The client identifier is encoded using the
"application/x-www-form-urlencoded" encoding algorithm per
Appendix B, and the encoded value is used as the username; the client
password is encoded using the same algorithm and used as the
password. The authorization server MUST support the HTTP Basic
authentication scheme for authenticating clients that were issued a
client password.

@james-d-elliott (Contributor, Author)

Yeah, looks like it is correct as is now that I read it again. Not entirely sure which element I was reading, or if the confusion came from what seemed to be two differing concepts at the time. Thanks!
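The encoding rule aeneasr quotes from RFC 6749 section 2.3.1 is what makes a colon or any other special character in a client secret survive HTTP Basic: the client form-urlencodes client_id and client_secret before joining them with ':' and base64-encoding, so the server must base64-decode, split on the first ':', and then form-urldecode each half. The example below, added here and not code from fosite or from this pull request, walks both sides of that exchange in Go with the standard library; the function names EncodeBasicClientCredentials and DecodeBasicClientCredentials and the sample client_id and secret are assumptions made for illustration. It also shows what happens when a client skips the encoding step, which is the case dropping the unescape would have "fixed" at the cost of breaking every conforming client.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// EncodeBasicClientCredentials builds an Authorization header value the way
// RFC 6749 section 2.3.1 tells a client to: form-urlencode client_id and
// client_secret separately, join them with ':', then base64-encode.
// (Function name is an assumption for this example, not a fosite API.)
func EncodeBasicClientCredentials(clientID, clientSecret string) string {
	// url.QueryEscape is Go's application/x-www-form-urlencoded encoder;
	// it turns ':' into "%3A", so the later split on ':' stays unambiguous.
	raw := url.QueryEscape(clientID) + ":" + url.QueryEscape(clientSecret)
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(raw))
}

// DecodeBasicClientCredentials reverses the process on the server side.
// The order matters: base64-decode first, split on the FIRST ':' (a secret
// may contain further colons only in their "%3A" form), then form-urldecode
// each half. Removing the unescape step would leave "%3A" in the secret and
// fail every client that follows the RFC.
func DecodeBasicClientCredentials(header string) (clientID, clientSecret string, err error) {
	const scheme = "Basic "
	// The auth scheme token is case-insensitive (RFC 7235), hence EqualFold.
	if len(header) < len(scheme) || !strings.EqualFold(header[:len(scheme)], scheme) {
		return "", "", errors.New("authorization header does not use the Basic scheme")
	}
	decoded, err := base64.StdEncoding.DecodeString(strings.TrimSpace(header[len(scheme):]))
	if err != nil {
		return "", "", fmt.Errorf("basic credentials are not valid base64: %w", err)
	}
	parts := strings.SplitN(string(decoded), ":", 2)
	if len(parts) != 2 {
		return "", "", errors.New("basic credentials must contain a ':' separator")
	}
	if clientID, err = url.QueryUnescape(parts[0]); err != nil {
		return "", "", fmt.Errorf("client_id is not form-urlencoded: %w", err)
	}
	if clientSecret, err = url.QueryUnescape(parts[1]); err != nil {
		return "", "", fmt.Errorf("client_secret is not form-urlencoded: %w", err)
	}
	return clientID, clientSecret, nil
}

func main() {
	// Constructed sample credentials containing every character that would
	// otherwise collide with the ':' separator or with form encoding.
	header := EncodeBasicClientCredentials("my-client", "p@ss:w0rd/&+")
	fmt.Println("header:", header)

	id, secret, err := DecodeBasicClientCredentials(header)
	fmt.Printf("client_id=%q client_secret=%q err=%v\n", id, secret, err)

	// Failure mode: a client that base64-encodes the raw secret without
	// form-urlencoding it. A bare '%' not followed by two hex digits is
	// rejected, and a bare '+' would silently become a space.
	legacy := "Basic " + base64.StdEncoding.EncodeToString([]byte("my-client:100%secure"))
	_, _, err = DecodeBasicClientCredentials(legacy)
	fmt.Println("unencoded client:", err)
}
```

The round trip succeeds because both sides agree on the encoding; the legacy case fails because the server cannot tell a literal '%' from an escape sequence, which is exactly the ambiguity the RFC's encoding rule removes. A server that wants to tolerate non-conforming clients has to do so as an explicit, documented fallback (for example, accepting the raw value only when unescaping fails), not by dropping the unescape and breaking conforming ones.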

@james-d-elliott james-d-elliott deleted the fix-basic-auth-encoding branch February 13, 2024 08:50
@aeneasr (Member) commented Feb 13, 2024

No problem :)

Linked issue: clientCredentialsFromRequest should not expect Basic Authorization terms being URL Escaped

2 participants