diff --git a/src/jetstream/authuaa.go b/src/jetstream/authuaa.go
index a0775beb53..25f13677f6 100644
--- a/src/jetstream/authuaa.go
+++ b/src/jetstream/authuaa.go
@@ -367,7 +367,7 @@ func (p *portalProxy) getUAAToken(body url.Values, skipSSLValidation bool, clien
 		return nil, fmt.Errorf(msg, err)
 	}
 
-	req.SetBasicAuth(client, clientSecret)
+	req.SetBasicAuth(url.QueryEscape(client), url.QueryEscape(clientSecret))
 	req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationForm)
 
 	var h = p.GetHttpClientForRequest(req, skipSSLValidation)
diff --git a/src/jetstream/plugins/metrics/main.go b/src/jetstream/plugins/metrics/main.go
index d6ad0d7a29..41ab846393 100644
--- a/src/jetstream/plugins/metrics/main.go
+++ b/src/jetstream/plugins/metrics/main.go
@@ -226,7 +226,7 @@ func (m *MetricsSpecification) Connect(ec echo.Context, cnsiRecord interfaces.CN
 
 func (m *MetricsSpecification) addAuth(req *http.Request, auth *MetricsAuth) {
 	if auth.Type == interfaces.AuthConnectTypeCreds {
-		req.SetBasicAuth(auth.Username, auth.Password)
+		req.SetBasicAuth(url.QueryEscape(auth.Username), url.QueryEscape(auth.Password))
 	}
 }