Fixes #2065

Author: alexeyzimarev

src/RestSharp/Authenticators/OAuth/OAuth1Auth.cs

@@ -237,11 +237,11 @@ void AddOAuthData(IRestClient client, RestRequest request, OAuthWorkflow workflo
         var oauthParameters = ParameterHandling switch {
             OAuthParameterHandling.HttpAuthorizationHeader => CreateHeaderParameters(),
             OAuthParameterHandling.UrlOrPostParameters     => CreateUrlParameters(),
-            _ =>
-                throw new ArgumentOutOfRangeException(nameof(ParameterHandling))
+            _                                              => throw new ArgumentOutOfRangeException(nameof(ParameterHandling))
         };
 
         request.AddOrUpdateParameters(oauthParameters);
+        return;
 
         IEnumerable<Parameter> CreateHeaderParameters() => new[] { new HeaderParameter(KnownHeaders.Authorization, GetAuthorizationHeader()) };
 
@@ -264,4 +264,4 @@ string GetAuthorizationHeader() {
 static class ParametersExtensions {
     internal static IEnumerable<WebPair> ToWebParameters(this IEnumerable<Parameter> p)
         => p.Select(x => new WebPair(Ensure.NotNull(x.Name, "Parameter name"), x.Value?.ToString()));
-}
+}

src/RestSharp/Authenticators/OAuth/OAuthTools.cs

@@ -93,20 +93,20 @@ public static string GetNonce() {
     public static string? UrlEncodeRelaxed(string? value) {
         if (value == null) return null;
 
+        // Do RFC 2396 escaping by calling the .NET method to do the work.
+        var escaped = Uri.EscapeDataString(value);
+
         // Escape RFC 3986 chars first.
-        var escapedRfc3986 = new StringBuilder(value);
+        var escapedRfc3986 = new StringBuilder(escaped);
 
         for (var i = 0; i < UriRfc3986CharsToEscape.Length; i++) {
             var t = UriRfc3986CharsToEscape[i];
 
             escapedRfc3986.Replace(t, UriRfc3968EscapedHex[i]);
         }
 
-        // Do RFC 2396 escaping by calling the .NET method to do the work.
-        var escapedRfc2396 = Uri.EscapeDataString(escapedRfc3986.ToString());
-
         // Return the fully-RFC3986-escaped string.
-        return escapedRfc2396;
+        return escapedRfc3986.ToString();
     }
 
     /// <summary>

test/RestSharp.Tests/Auth/OAuth1AuthTests.cs

@@ -27,7 +27,7 @@ public void Authenticate_ShouldAddAuthorizationAsTextValueToRequest_OnHttpAuthor
         const string url = "https://no-query.string";
 
         using var client  = new RestClient(url);
-        var request = new RestRequest();
+        var       request = new RestRequest();
 
         _auth.ParameterHandling = OAuthParameterHandling.HttpAuthorizationHeader;
 
@@ -57,7 +57,7 @@ public void Authenticate_ShouldAddSignatureToRequestAsSeparateParameters_OnUrlOr
         const string url = "https://no-query.string";
 
         using var client  = new RestClient(url);
-        var request = new RestRequest();
+        var       request = new RestRequest();
         request.AddQueryParameter("queryparameter", "foobartemp");
 
         _auth.ParameterHandling = OAuthParameterHandling.UrlOrPostParameters;
@@ -98,7 +98,7 @@ public void Authenticate_ShouldEncodeOAuthTokenParameter(OAuthType type, string
         const string url = "https://no-query.string";
 
         using var client  = new RestClient(url);
-        var request = new RestRequest();
+        var       request = new RestRequest();
         _auth.Type  = type;
         _auth.Token = value;
 
@@ -125,7 +125,7 @@ public void Authenticate_ShouldAllowEmptyConsumerSecret_OnHttpAuthorizationHeade
         const string url = "https://no-query.string";
 
         using var client  = new RestClient(url);
-        var request = new RestRequest();
+        var       request = new RestRequest();
         _auth.Type           = type;
         _auth.ConsumerSecret = null;
 
@@ -141,4 +141,26 @@ public void Authenticate_ShouldAllowEmptyConsumerSecret_OnHttpAuthorizationHeade
         Assert.Contains("OAuth", value!);
         Assert.Contains($"oauth_signature=\"{OAuthTools.UrlEncodeStrict("&")}", value);
     }
-}
+
+    [Fact]
+    public async Task Authenticate_ShouldUriEncodeConsumerKey_OnHttpAuthorizationHeaderHandling() {
+        // Arrange
+        const string url = "https://no-query.string";
+
+        var client  = new RestClient(url);
+        var request = new RestRequest();
+        _auth.Type           = OAuthType.ProtectedResource;
+        _auth.ConsumerKey    = "my@consumer!key";
+        _auth.ConsumerSecret = null;
+
+        // Act
+        await _auth.Authenticate(client, request);
+
+        // Assert
+        var authParameter = request.Parameters.Single(x => x.Name == KnownHeaders.Authorization);
+        var value         = (string)authParameter.Value;
+
+        value.Should().Contain("OAuth");
+        value.Should().Contain("oauth_consumer_key=\"my%40consumer%21key");
+    }
+}