diff --git a/extensions/script-libraries/oauth2/notes/22557.md b/extensions/script-libraries/oauth2/notes/22557.md
new file mode 100644
index 00000000000..a561f58c48b
--- /dev/null
+++ b/extensions/script-libraries/oauth2/notes/22557.md
@@ -0,0 +1 @@
+# [22557] Prevent double URL encoding of authentication code
diff --git a/extensions/script-libraries/oauth2/oauth2.livecodescript b/extensions/script-libraries/oauth2/oauth2.livecodescript
index a660d138093..b796e0016c6 100644
--- a/extensions/script-libraries/oauth2/oauth2.livecodescript
+++ b/extensions/script-libraries/oauth2/oauth2.livecodescript
@@ -238,13 +238,14 @@ command OAuth2 pAuthURL, pTokenURL, pClientID, pClientSecret, pScopes, pPort, pP
 local tResult
 put the dialogData into tResult
+ -- all keys/values in tResult are already URL encoded
 if tResult["code"] is not empty then
 local tParams
 put "grant_type=authorization_code" into tParams
 put "&client_id=" & urlEncode(pClientID) after tParams
 put "&client_secret=" & urlEncode(pClientSecret) after tParams
- put "&code=" & urlEncode(tResult["code"]) after tParams
+ put "&code=" & tResult["code"] after tParams
 put "&redirect_uri=" & urlEncode(kRedirectURL & ":" & pPort & "/") after tParams
 local tResponse
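Review bot: With the `urlEncode` call removed, `tResult["code"]` is appended to the token request body exactly as it arrived, so the request is only well-formed if the invariant stated in the new comment holds on every path that fills `the dialogData`. That value presumably comes from the redirect request, which the library does not control; if it ever carried a raw `&` or `=`, it would add or override parameters in the request sent to `pTokenURL`. Normalising rather than trusting the input avoids both the double encoding and that case: `put "&code=" & urlEncode(urlDecode(tResult["code"])) after tParams`. The code that populates `the dialogData` is outside this hunk, as are the start and end of the `OAuth2` command, so whether unencoded values can reach this line should be confirmed there.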