diff options
author | Paul Tyng <paul@paultyng.net> | 2017-10-11 13:22:33 -0400 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2018-01-26 16:49:32 +0000 |
commit | a032972e28060ca4f5644acffae3dfc268cc09db (patch) | |
tree | 7d241414cd5ca0c143e81f67ddedb17b8ee5ff69 /internal | |
parent | b28fcf2b08a19742b43084fb40ab78ac6c3d8067 (diff) | |
download | golang-x-oauth2-a032972e28060ca4f5644acffae3dfc268cc09db.tar.gz |
internal: Add .auth0.com to broken domains
Auth0 does not support `client_id` in basic auth
**without** a `client_secret` but they do support
one or both in the body.
Auth0 also uses account specific subdomains, so
needs to be in the domain suffix broken handling.
Change-Id: I06abec5c228c746b8b90758f452016eeb67f3e98
Reviewed-on: https://go-review.googlesource.com/70010
Reviewed-by: K.J. Valencik <kjvalencik@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'internal')
-rw-r--r-- | internal/token.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/internal/token.go b/internal/token.go index 881fbef..e7d078f 100644 --- a/internal/token.go +++ b/internal/token.go @@ -128,6 +128,7 @@ var brokenAuthHeaderProviders = []string{ // brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints. var brokenAuthHeaderDomains = []string{ + ".auth0.com", ".force.com", ".myshopify.com", ".okta.com", |