diff --git a/lib/helpers/client.js b/lib/helpers/client.js
index 8c2f7fc..65c7fdb 100644
--- a/lib/helpers/client.js
+++ b/lib/helpers/client.js
@@ -9,7 +9,26 @@ const request = require('./request');
 const { keystores } = require('./weak_cache');
 const merge = require('./merge');
 
-const formUrlEncode = (value) => encodeURIComponent(value).replace(/%20/g, '+');
+function formUrlEncode(token) {
+  return encodeURIComponent(token).replace(/(?:[-_.!~*'()]|%20)/g, (substring) => {
+    switch (substring) {
+      case '-':
+      case '_':
+      case '.':
+      case '!':
+      case '~':
+      case '*':
+      case "'":
+      case '(':
+      case ')':
+        return `%${substring.charCodeAt(0).toString(16).toUpperCase()}`;
+      case '%20':
+        return '+';
+      default:
+        throw new Error();
+    }
+  });
+}
 
 async function clientAssertion(endpoint, payload) {
   let alg = this[`${endpoint}_endpoint_auth_signing_alg`];
diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js
index 7530103..5fee8e4 100644
--- a/test/client/client_instance.test.js
+++ b/test/client/client_instance.test.js
@@ -2274,7 +2274,7 @@ describe('Client', () => {
         expect(await clientInternal.authFor.call(client, 'token')).to.eql({
           headers: {
             Authorization:
-              'Basic YW4lM0FpZGVudGlmaWVyOnNvbWUrc2VjdXJlKyUyNitub24tc3RhbmRhcmQrc2VjcmV0',
+              'Basic YW4lM0FpZGVudGlmaWVyOnNvbWUrc2VjdXJlKyUyNitub24lMkRzdGFuZGFyZCtzZWNyZXQ=',
           },
         });
       });