Salesforce doesn't like receiving a scope= query param on the token endpoint

[ohler]

The example in https://godoc.org/golang.org/x/oauth2#ex-Config doesn't work with Salesforce; to make it work, we have to set conf.Scopes = nil before the call to conf.Exchange().

See also https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_web_server_flow.htm&language=en , where "scope" is a documented query param for the authorization endpoint but not the token endpoint. That page doesn't explicitly say that passing "scope" is an error, but testing shows that the server responds with 400 {"error":"invalid_request","error_description":"scope parameter not supported"}.

Having the conf.Scopes = nil workaround in our code doesn't bother me much (it's hardly the only API quirk that requires workarounds in our code), but your philosophy in #111 makes me think you'd like to know about this and move the workaround to this package instead (or at least clarify the example).

[lalloni]

I believe this is fixed by #146 which is submitted for review as http://golang.org/cl/23790.

[micahhausler]

@plalloni I tried using your fork, and Salesforce oauth still didn't work. The internal.RetrieveToken() function only sets the client_secret if bustedAuth && ClientSecret != "". Since Salesforce oauth TokenURL can be on an arbitrary subdomain, the providerAuthHeaderWorks() function as-is won't correctly work.

[rakyll]

This bug should have been resolved by https://go-review.googlesource.com/c/23790/, please reopen if it is still an issue.