From 9be037c0db6276d0d4d18ac9e7d74af3e80e7c50 Mon Sep 17 00:00:00 2001
From: Luca Corti <luca@fantacast.it>
Date: Mon, 16 Sep 2013 22:50:21 +0200
Subject: [PATCH 1/2] Fix urldecoding of client_id/secret

---
 oauth2_provider/oauth2_validators.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index d52a8e099..0a0222d02 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -1,6 +1,7 @@
 from __future__ import unicode_literals
 
 import base64
+import urlib
 import logging
 from datetime import timedelta
 
@@ -44,7 +45,7 @@ def _authenticate_basic_auth(self, request):
         client_id, client_secret = auth_string_decoded.split(':', 1)
 
         try:
-            request.client = Application.objects.get(client_id=client_id, client_secret=client_secret)
+            request.client = Application.objects.get(client_id=urllib.unquote_plus(client_id), client_secret=urllib.unquote_plus(client_secret))
             return True
 
         except Application.DoesNotExist:

From 0e71410d550649e3b23dc1e68ab4a87722038848 Mon Sep 17 00:00:00 2001
From: Luca Corti <luca.corti@sparkling18.com>
Date: Tue, 17 Sep 2013 14:50:27 +0200
Subject: [PATCH 2/2] Revert previous

---
 oauth2_provider/oauth2_validators.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index 0a0222d02..d52a8e099 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -1,7 +1,6 @@
 from __future__ import unicode_literals
 
 import base64
-import urlib
 import logging
 from datetime import timedelta
 
@@ -45,7 +44,7 @@ def _authenticate_basic_auth(self, request):
         client_id, client_secret = auth_string_decoded.split(':', 1)
 
         try:
-            request.client = Application.objects.get(client_id=urllib.unquote_plus(client_id), client_secret=urllib.unquote_plus(client_secret))
+            request.client = Application.objects.get(client_id=client_id, client_secret=client_secret)
             return True
 
         except Application.DoesNotExist: