internal: recognize Salesforce and Okta domains as broken providers

Fixes golang/oauth2#166

Change-Id: Ib3854db4a28a596af3565a84843fc0fa66709193
Reviewed-on: https://go-review.googlesource.com/38376
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>

internal/token.go

@@ -122,6 +122,13 @@ var brokenAuthHeaderProviders = []string{
 	"https://sandbox.codeswholesale.com/oauth/token",
 }
 
+// brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
+var brokenAuthHeaderDomains = []string{
+	".force.com",
+	".okta.com",
+	".oktapreview.com",
+}
+
 func RegisterBrokenAuthHeaderProvider(tokenURL string) {
 	brokenAuthHeaderProviders = append(brokenAuthHeaderProviders, tokenURL)
 }
@@ -142,6 +149,14 @@ func providerAuthHeaderWorks(tokenURL string) bool {
 		}
 	}
 
+	if u, err := url.Parse(tokenURL); err == nil {
+		for _, s := range brokenAuthHeaderDomains {
+			if strings.HasSuffix(u.Host, s) {
+				return false
+			}
+		}
+	}
+
 	// Assume the provider implements the spec properly
 	// otherwise. We can add more exceptions as they're
 	// discovered. We will _not_ be adding configurable hooks