Skip to content
View as Markdown
View as Markdown

@salesforce/b2c-tooling-sdk / auth / encodeBasicClientCredentials

Function: encodeBasicClientCredentials()

encodeBasicClientCredentials(clientId, clientSecret): string

Defined in: packages/b2c-tooling-sdk/src/auth/client-credentials.ts:58

Builds the base64 payload for an Authorization: Basic header carrying OAuth client credentials, per RFC 6749 §2.3.1.

The client identifier and client password are each form-url-encoded (RFC 6749 Appendix B) before being joined with a colon and Base64-encoded (RFC 7617 §2, the HTTP Basic scheme). Skipping the per-component encoding corrupts any credential containing characters the server form-url-decodes: a raw + is read as a space and a valid %xx escape is decoded to another byte (both yield invalid_client -- a wrong-but-valid secret), while an invalid escape such as %zz makes a strict decoder error out (unauthorized_client / "Unexpected error when authenticating client"). The same credential succeeds when sent in the request body, which is form-url-encoded by construction -- the "body works, Basic fails" symptom.

Parameters

clientId

string

The OAuth client identifier

clientSecret

string

The OAuth client password/secret

Returns

string

The Base64 string to place after Basic in the Authorization header

See

Released under the Apache-2.0 License.