internal: Add .auth0.com to broken domains

Auth0 does not support `client_id` in basic auth **without** a `client_secret` but they do support one or both in the body. Auth0 also uses account specific subdomains, so needs to be in the domain suffix broken handling. Change-Id: I06abec5c228c746b8b90758f452016eeb67f3e98 Reviewed-on: https://go-review.googlesource.com/70010 Reviewed-by: K.J. Valencik <kjvalencik@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-10-11 13:22:33 -04:00 · 2017-10-11 13:22:33 -04:00 · a032972e28
parent b28fcf2b08
commit a032972e28
1 changed files with 1 additions and 0 deletions
--- a/internal/token.go
+++ b/internal/token.go
@ -128,6 +128,7 @@ var brokenAuthHeaderProviders = []string{

 // brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
 var brokenAuthHeaderDomains = []string{
+	".auth0.com",
 	".force.com",
 	".myshopify.com",
 	".okta.com",