diff --git a/auth-server-auth-code.md b/auth-server-auth-code.md
index 6226d6ff..fcd869d2 100755
--- a/auth-server-auth-code.md
+++ b/auth-server-auth-code.md
@@ -37,7 +37,9 @@ The client will now send a POST request to the authorization server with the fol
 * `client_id` with the client identifier
 * `client_secret` with the client secret
 * `redirect_uri` with the same redirect URI the user was redirect back to
-* `code` with the authorization code from the query string **(remember to url decode it first)**
+* `code` with the authorization code from the query string
+ 
+Note that you need to decode the `code` query string first. You can do that with `urldecode($code)`.
 
 The authorization server will respond with a JSON object containing the following properties: