forked from Mirrors/oauth2
internal: Add .auth0.com to broken domains
Auth0 does not support `client_id` in basic auth **without** a `client_secret` but they do support one or both in the body. Auth0 also uses account specific subdomains, so needs to be in the domain suffix broken handling. Change-Id: I06abec5c228c746b8b90758f452016eeb67f3e98 Reviewed-on: https://go-review.googlesource.com/70010 Reviewed-by: K.J. Valencik <kjvalencik@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
b28fcf2b08
commit
a032972e28
|
@ -128,6 +128,7 @@ var brokenAuthHeaderProviders = []string{
|
||||||
|
|
||||||
// brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
|
// brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
|
||||||
var brokenAuthHeaderDomains = []string{
|
var brokenAuthHeaderDomains = []string{
|
||||||
|
".auth0.com",
|
||||||
".force.com",
|
".force.com",
|
||||||
".myshopify.com",
|
".myshopify.com",
|
||||||
".okta.com",
|
".okta.com",
|
||||||
|
|
Loading…
Reference in New Issue