fix: encode client_secret_basic - _ . ! ~ * ' ( ) characters

Because encodeURIComponent() encodes everything except alphanumericals
and `- _ . ! ~ * ' ( )` these need to be encoded explicitly similar to
how the resulting `%20' is replaced with '+'

This is as per RFC6749 Section 2.3.1 and Appendix B

Author: panva

lib/helpers/client.js

@@ -9,7 +9,26 @@ const request = require('./request');
 const { keystores } = require('./weak_cache');
 const merge = require('./merge');
 
-const formUrlEncode = (value) => encodeURIComponent(value).replace(/%20/g, '+');
+function formUrlEncode(token) {
+  return encodeURIComponent(token).replace(/(?:[-_.!~*'()]|%20)/g, (substring) => {
+    switch (substring) {
+      case '-':
+      case '_':
+      case '.':
+      case '!':
+      case '~':
+      case '*':
+      case "'":
+      case '(':
+      case ')':
+        return `%${substring.charCodeAt(0).toString(16).toUpperCase()}`;
+      case '%20':
+        return '+';
+      default:
+        throw new Error();
+    }
+  });
+}
 
 async function clientAssertion(endpoint, payload) {
   let alg = this[`${endpoint}_endpoint_auth_signing_alg`];

test/client/client_instance.test.js

@@ -2274,7 +2274,7 @@ describe('Client', () => {
         expect(await clientInternal.authFor.call(client, 'token')).to.eql({
           headers: {
             Authorization:
-              'Basic YW4lM0FpZGVudGlmaWVyOnNvbWUrc2VjdXJlKyUyNitub24tc3RhbmRhcmQrc2VjcmV0',
+              'Basic YW4lM0FpZGVudGlmaWVyOnNvbWUrc2VjdXJlKyUyNitub24lMkRzdGFuZGFyZCtzZWNyZXQ=',
           },
         });
       });