Add Zoho to the list of broken providers

As per the documentation

The oauth2 implementation for Zoho is broken in other ways as well, e.g. by having scopes comma separated instead of space separated as the standard says. But won't (and shouldn't) be handled by this project as per

Change-Id: I450391ac92cbb02e6ba6a21e4afcc4dd0d6849b4
GitHub-Last-Rev: ba758b032a996647298930c419b2db587478ab45
GitHub-Pull-Request: golang/oauth2#333
Reviewed-by: Brad Fitzpatrick <>
diff --git a/internal/token.go b/internal/token.go
index 711bc93..53259a4 100644
--- a/internal/token.go
+++ b/internal/token.go
@@ -133,6 +133,7 @@
+	"",
 // brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.