url encode clientId:clientSecret on Basic Auth when get token set by code

[xenon-ua]

Definitions:
clientId = crm
clientSecret = crm_$ecreT
Auth type: Auth code flow

When I get token set by code with client.callback( . . . ) it sends POST request to route /token with Basic auth method. The client_id and client_secret are url encoded in the file /lib/helpers/client.js:97:
const encoded = '${formUrlEncode(this.client_id)}:${formUrlEncode(this.client_secret)}'
It converts my client_secret from crm_$ecreT to crm_%24ecreT. Thus, the server does not accept credentials and returns 401.
Is it wrong?

[panva]

It is not wrong, this is how it is defined in rfc6749#appendix-B. It is the "server" that's not processing it correctly.

[xenon-ua]

As I understand, it refers to the payload, not to headers (in case we send client_id and client_secret in the body). Basic Auth standard does not imply any additional encoding other than Base64. All examples that I have seen on the Internet when receiving a token do not produce url encoding for the Authorization header. For example here:
sample section 1.2 (and other examples, if necessary I can find)

[panva]

Please see https://tools.ietf.org/html/rfc6749#section-2.3.1

Clients in possession of a client password MAY use the HTTP Basic
authentication scheme as defined in [RFC2617] to authenticate with
the authorization server. The client identifier is encoded using the
"application/x-www-form-urlencoded" encoding algorithm per
Appendix B, and the encoded value is used as the username; the client
password is encoded using the same algorithm and used as the
password.

[xenon-ua]

Thank you very much for your answer and explanation