aboutsummaryrefslogtreecommitdiff
path: root/vendor/golang.org/x/oauth2/internal/token.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/oauth2/internal/token.go')
-rw-r--r--vendor/golang.org/x/oauth2/internal/token.go25
1 files changed, 22 insertions, 3 deletions
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index ba90a34..018b58a 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -122,6 +122,13 @@ var brokenAuthHeaderProviders = []string{
"https://sandbox.codeswholesale.com/oauth/token",
}
+// brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
+var brokenAuthHeaderDomains = []string{
+ ".force.com",
+ ".okta.com",
+ ".oktapreview.com",
+}
+
func RegisterBrokenAuthHeaderProvider(tokenURL string) {
brokenAuthHeaderProviders = append(brokenAuthHeaderProviders, tokenURL)
}
@@ -142,6 +149,14 @@ func providerAuthHeaderWorks(tokenURL string) bool {
}
}
+ if u, err := url.Parse(tokenURL); err == nil {
+ for _, s := range brokenAuthHeaderDomains {
+ if strings.HasSuffix(u.Host, s) {
+ return false
+ }
+ }
+ }
+
// Assume the provider implements the spec properly
// otherwise. We can add more exceptions as they're
// discovered. We will _not_ be adding configurable hooks
@@ -155,9 +170,13 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
return nil, err
}
bustedAuth := !providerAuthHeaderWorks(tokenURL)
- if bustedAuth && clientSecret != "" {
- v.Set("client_id", clientID)
- v.Set("client_secret", clientSecret)
+ if bustedAuth {
+ if clientID != "" {
+ v.Set("client_id", clientID)
+ }
+ if clientSecret != "" {
+ v.Set("client_secret", clientSecret)
+ }
}
req, err := http.NewRequest("POST", tokenURL, strings.NewReader(v.Encode()))
if err != nil {
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 21:05:16 +0000