oauth2
Don't use `url.QueryEscape` for clientID and clientSecret
I have a '!' symbol in my clientSecret; using the escape function produces a value that is rejected by the OAuth server.
Creds:

```go
clientID := "test"
clientSecret := "t!st"
```

Accepted:

```go
if authStyle == AuthStyleInHeader {
	req.SetBasicAuth(clientID, clientSecret)
}
```

Rejected:

```go
if authStyle == AuthStyleInHeader {
	req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
}
```
Since it's a header value, not a query, is it possible to remove `QueryEscape`?
I have the same issue. Escaping username and password is unnecessary (because the value of the header will be base64 encoded anyhow), and wrong according to the basic auth RFC: https://tools.ietf.org/html/rfc2617#section-2
It seems like this is already a year-old issue, but I would like to note that `url.QueryEscape` is necessary to adhere to the OAuth 2.0 spec: https://tools.ietf.org/html/rfc6749#section-2.3.1
@xorkevin, yes, it's a must.
@seankhliao what if the provider doesn't respect this OAuth 2.0 spec, like [Epic Games EOS OAuth 2.0](https://dev.epicgames.com/docs/web-api-ref/connect-web-api)?
They don't accept URL-encoded data, so I can't make EOS OAuth 2.0 work because of these `url.QueryEscape` calls.
Perhaps we can add a bool, defaulting to true, in the Endpoint struct to allow switching off `url.QueryEscape` for special cases like this?
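
The mismatch discussed in this thread, as an added Go example that is not code from the oauth2 package or from any commenter: `clientHeader` builds the Basic credential with or without the form-urlencoding from RFC 6749 section 2.3.1, and `serverParse` is a hypothetical token-endpoint parser that either reverses that encoding or does not. It goes one step beyond the thread by also running a constructed client ID containing `:` (`app:1`/`s3cret`, an assumption), which a parser that splits on the first colon misreads when the ID is not encoded.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// clientHeader builds the Basic credential; escape=true form-urlencodes both
// values first, as RFC 6749 section 2.3.1 describes.
func clientHeader(id, secret string, escape bool) string {
	if escape {
		id, secret = url.QueryEscape(id), url.QueryEscape(secret)
	}
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(id+":"+secret))
}

// serverParse is a hypothetical token-endpoint parser (an assumption for this
// example). unescape=true reverses the form-urlencoding after the split.
func serverParse(header string, unescape bool) (string, string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", err
	}
	id, secret, ok := strings.Cut(string(raw), ":")
	if !ok {
		return "", "", errors.New("missing ':' separator")
	}
	if unescape {
		if id, err = url.QueryUnescape(id); err != nil {
			return "", "", err
		}
		if secret, err = url.QueryUnescape(secret); err != nil {
			return "", "", err
		}
	}
	return id, secret, nil
}

func main() {
	// "test"/"t!st" are the issue's values; "app:1"/"s3cret" is constructed.
	for _, c := range [][2]string{{"test", "t!st"}, {"app:1", "s3cret"}} {
		for _, m := range [][2]bool{{false, false}, {true, false}, {true, true}} {
			id, sec, err := serverParse(clientHeader(c[0], c[1], m[0]), m[1])
			fmt.Printf("escape=%v unescape=%v id=%q secret=%q err=%v\n", m[0], m[1], id, sec, err)
		}
	}
}
```

The `escape=true unescape=false` rows are the situation reported in the issue: the server compares `t%21st` against the stored `t!st` and rejects the client.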