Expected Behavior

As described in RFC6749, both the client id and client secret values should be:

encoded using the "application/x-www-form-urlencoded" encoding algorithm per Appendix B

Insomnium should either encode them automatically, or at least provide a button in the UI to do it manually so I don't have to use external tools.

Actual Behavior

Insomnium skips the URL encoding step and concatenates these values exactly as they are in the UI text fields.

Reproduction Steps

No response

Is there an existing issue for this?

• I have searched the issue tracker for this problem.

Additional Information

This change is needed only when sending credentials as basic auth header. If they're sent in the request body, encoding is not required (see RFC) and current behavior works fine. However, that is not the recommended approach.

Insomnium Version

0.2.3-a

What operating system are you using?

Windows

Operating System Version

Windows 11 version 23H2

Installation method

winget

Last Known Working Insomnium version

No response