Newlines in AWS web identity token file break AWS auth


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Go Drivers

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?


      Detailed steps to reproduce the problem?

      Reported in https://github.com/mongodb/mongo-go-driver/pull/1965

      Some cloud platforms include newlines in AWS web token files (i.e. using AssumeRoleWithWebIdentity). Currently, the Go Driver doesn't query-encode the values when building the URL to call AWS STS (see here), so parsing the URL fails with an error like:

      parse "https://sts.amazonaws.com/?Action=AssumeRoleWithWebIdentity&RoleSessionName=some-session&RoleArn=some-arn&WebIdentityToken=some-token\n&Version=2011-06-15": net/url: invalid control character in URL
      

      See example code here.

      We should query-encode all query values to prevent URL parsing errors. That should also resolve the auth issues because part of decoding URL-encoded base64 values is stripping \n and \r characters (see example here).

      Definition of done: what must be done to consider the task complete?

      The exact Go version used, with patch level:

      ?

      The exact version of the Go driver used:

      ?

      Describe how MongoDB is set up. Local vs Hosted, version, topology, load balanced, etc.

      The operating system and version (e.g. Windows 7, OSX 10.8, ...)

      Security Vulnerabilities

      If you’ve identified a security vulnerability in a driver or any other MongoDB project, please report it according to the instructions here
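The failure and the proposed fix described in this ticket, as an added example that is not the Go Driver's own code. The function names and the sample token are constructed for illustration, and the base64 step shows only how Go's `encoding/base64` decoder treats a newline, not how STS decodes tokens.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
)

const stsEndpoint = "https://sts.amazonaws.com/"

// rawSTSURL concatenates the values unescaped, the pattern the ticket describes.
func rawSTSURL(session, roleARN, token string) string {
	return stsEndpoint + "?Action=AssumeRoleWithWebIdentity&RoleSessionName=" + session +
		"&RoleArn=" + roleARN + "&WebIdentityToken=" + token + "&Version=2011-06-15"
}

// encodedSTSURL query-encodes every value, so "\n" travels as "%0A".
func encodedSTSURL(session, roleARN, token string) string {
	q := url.Values{}
	q.Set("Action", "AssumeRoleWithWebIdentity")
	q.Set("RoleSessionName", session)
	q.Set("RoleArn", roleARN)
	q.Set("WebIdentityToken", token)
	q.Set("Version", "2011-06-15")
	return stsEndpoint + "?" + q.Encode()
}

// tokenFromURL parses the URL and returns the token a receiver would read from the query.
func tokenFromURL(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	return u.Query().Get("WebIdentityToken"), nil
}

func main() {
	// Constructed sample: one base64url segment plus the trailing newline from the token file.
	token := base64.RawURLEncoding.EncodeToString([]byte("constructed-claims")) + "\n"

	_, err := tokenFromURL(rawSTSURL("some-session", "some-arn", token))
	fmt.Println("unencoded:", err)

	got, err := tokenFromURL(encodedSTSURL("some-session", "some-arn", token))
	fmt.Printf("encoded: token=%q err=%v\n", got, err)

	// Go's base64 decoder ignores \r and \n, so the decoded bytes are unaffected.
	claims, err := base64.RawURLEncoding.DecodeString(got)
	fmt.Printf("decoded: %q err=%v\n", claims, err)
}
```

Query-encoding carries the newline through intact as `%0A` rather than removing it, so a consumer that compares the token as an exact string still sees the trailing newline.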

            Assignee:
            Matt Dale
            Reporter:
            Matt Dale