1 files changed, 28 insertions, 3 deletions

diff --git a/src/zenhttp/auth/oidc.cpp b/src/zenhttp/auth/oidc.cpp
index 4b306236c..eea81fbdb 100644
--- a/src/zenhttp/auth/oidc.cpp
+++ b/src/zenhttp/auth/oidc.cpp
@@ -28,6 +28,27 @@ namespace details {
 		return Result;
 	}
 
+	std::string UrlEncodeFormValue(std::string_view Input)
+	{
+		std::string Result;
+		Result.reserve(Input.size());
+		for (unsigned char Ch : Input)
+		{
+			if ((Ch >= 'A' && Ch <= 'Z') || (Ch >= 'a' && Ch <= 'z') || (Ch >= '0' && Ch <= '9') || Ch == '-' || Ch == '_' || Ch == '.' ||
+				Ch == '~')
+			{
+				Result += static_cast<char>(Ch);
+			}
+			else
+			{
+				char Hex[4];
+				snprintf(Hex, sizeof(Hex), "%%%02X", Ch);
+				Result.append(Hex, 3);
+			}
+		}
+		return Result;
+	}
+
 }  // namespace details
 
 using namespace std::literals;
@@ -81,7 +102,9 @@ OidcClient::Initialize()
 OidcClient::RefreshTokenResult
 OidcClient::RefreshToken(std::string_view RefreshToken)
 {
-	const std::string Body = fmt::format("grant_type=refresh_token&refresh_token={}&client_id={}", RefreshToken, m_ClientId);
+	const std::string Body = fmt::format("grant_type=refresh_token&refresh_token={}&client_id={}",
+										 details::UrlEncodeFormValue(RefreshToken),
+										 details::UrlEncodeFormValue(m_ClientId));
 
 	HttpClient Http{m_Config.TokenEndpoint};
 
@@ -119,8 +142,10 @@ OidcClient::RefreshToken(std::string_view RefreshToken)
 OidcClient::RefreshTokenResult
 OidcClient::ExchangeAuthorizationCode(std::string_view Code, std::string_view RedirectUri)
 {
-	const std::string Body =
-		fmt::format("grant_type=authorization_code&code={}&redirect_uri={}&client_id={}", Code, RedirectUri, m_ClientId);
+	const std::string Body = fmt::format("grant_type=authorization_code&code={}&redirect_uri={}&client_id={}",
+										 details::UrlEncodeFormValue(Code),
+										 details::UrlEncodeFormValue(RedirectUri),
+										 details::UrlEncodeFormValue(m_ClientId));
 
 	HttpClient Http{m_Config.TokenEndpoint};