From 5432cc9688e6250a0dd8f5a5f4c781d92b398be6 Mon Sep 17 00:00:00 2001
From: voutasaurus <voutasaurus@gmail.com>
Date: Wed, 28 Jun 2017 17:35:37 -0700
Subject: [PATCH] internal: add broken auth header provider

Azure AD applications use login.microsoft.net for token URLs for OAuth
and OpenID Connect. This service expects the OAuth client ID and client
secret in the body of the OAuth exchange request.

Fixes #238

Change-Id: I9cfd46787ebfb27cf2775dd3357eb26e089322a3
Reviewed-on: https://go-review.googlesource.com/47097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 internal/token.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/token.go b/internal/token.go
index 7cce374..efe7af5 100644
--- a/internal/token.go
+++ b/internal/token.go
@@ -103,6 +103,7 @@ var brokenAuthHeaderProviders = []string{
 	"https://app.box.com/",
 	"https://connect.stripe.com/",
 	"https://graph.facebook.com", // see https://github.com/golang/oauth2/issues/214
+	"https://login.microsoft.net",
 	"https://login.microsoftonline.com/",
 	"https://login.salesforce.com/",
 	"https://oauth.sandbox.trainingpeaks.com/",