internal: Add .auth0.com to broken domains
Auth0 does not support `client_id` in basic auth
**without** a `client_secret` but they do support
one or both in the body.
Auth0 also uses account specific subdomains, so
needs to be in the domain suffix broken handling.
Change-Id: I06abec5c228c746b8b90758f452016eeb67f3e98
Reviewed-on: https://go-review.googlesource.com/70010
Reviewed-by: K.J. Valencik <kjvalencik@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/internal/token.go b/internal/token.go
index 881fbef..e7d078f 100644
--- a/internal/token.go
+++ b/internal/token.go
@@ -128,6 +128,7 @@
// brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
var brokenAuthHeaderDomains = []string{
+ ".auth0.com",
".force.com",
".myshopify.com",
".okta.com",