From 8a284ce6a5cd89f08a4f5e9219014fd1fd7b8018 Mon Sep 17 00:00:00 2001
From: "Christian G. Warden"
Date: Tue, 6 Dec 2016 16:17:41 -0800
Subject: [PATCH] Salesforce OAuth Work-Arounds

Work-arounds for using Salesforce as an OAuth identity provider.

Do not send scope when exchanging authorization code for access token; Salesforce doesn't allow it.

Include standard Salesforce endpoints in list of broken providers which require client_secret be sent when getting access token.

See upstream issues:
https://github.com/golang/oauth2/issues/166
https://github.com/golang/oauth2/pull/146
---
 vendor/golang.org/x/oauth2/oauth2.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 0c6a1ed980d69..5fb5f284c28ca 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -170,7 +170,8 @@ func (c *Config) Exchange(ctx context.Context, code string) (*Token, error) {
 "grant_type": {"authorization_code"},
 "code": {code},
 "redirect_uri": condVal(c.RedirectURL),
- "scope": condVal(strings.Join(c.Scopes, " ")),
+ // Salesforce doesn't support sending scope when getting access token
+ // "scope": condVal(strings.Join(c.Scopes, " ")),
 })
 }
 
@@ -437,6 +438,8 @@ var brokenAuthHeaderProviders = []string{
 "https://oauth.sandbox.trainingpeaks.com/",
 "https://oauth.trainingpeaks.com/",
 "https://www.strava.com/oauth/",
+ "https://login.salesforce.com/",
+ "https://test.salesforce.com/",
 }
 
 // providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL
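Review bot: The `scope` parameter is now omitted from the token request for every provider that goes through `Config.Exchange`, not only Salesforce, but the added comment names Salesforce alone and the old line is left behind as commented-out code. Because this is a hand edit inside `vendor/` (the list change in the second hunk is too), a later re-vendor of golang.org/x/oauth2 would silently drop it and the Salesforce login would break again with no hint why. I would delete the commented-out line and replace the comment with something like `// LOCAL PATCH (not upstream): scope is omitted from the token request for all providers; see the upstream issues cited in the commit message.` It is also worth confirming that no other configured identity provider depends on receiving scope at the code-exchange step.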
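Review bot: Only the two shared Salesforce login hosts are added to `brokenAuthHeaderProviders`, so a token URL on any other Salesforce host would presumably still get the Authorization-header behaviour; the matching code (`providerAuthHeaderWorks`) starts at the end of this hunk and its body is not visible, so confirm how entries are compared. If they are matched as URL prefixes, the trailing slash on each entry is what stops a look-alike host such as `login.salesforce.com.example` (constructed example) from matching, and the list deserves a comment saying so, e.g. `// Entries are matched as prefixes of the token URL; keep the trailing slash so only the exact host matches.` Per the commit message these entries cause client_secret to be sent with the token request itself, so check that any request-body logging or proxy capture on that path does not record it.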