Skip to main content

Salesforce Oauth2 Keys

Description#

General#

  • Documentation: https://developer.salesforce.com/docs/
  • Summary: Salesforce provides customer relationship management services. Its APIs enables to add functionality with third party application. The OAuth credentials are used to get access tokens. These can in turn be used to authenticate with the APIs to make requests on behalf of the users. This detector finds these Oauth credentials.
  • IPs allowlist: This feature is not supported.
  • Scopes: Yes. Each APIs has its set of permissions.

Revoke the secret#

Go to the App Manager.

Check for suspicious activity#

This feature is not supported.

Details for Salesforce oauth2#

  • Category: CRM

  • Company: Salesforce

  • High recall: True

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 2.9

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^lock$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - 3mvg9

Examples#

- text: >    salesforce CONSTANTS +// ----------------------------------------------------------    +const CONSUMER_KEY = "3MVG9fTLmJ60pJ5I6fu3pPjYrPcxc.hs9.5cx074wlhqP52juB8I1iQUTP5MHlqCY9uhwje09N3YCxBIGGxlI";    +const CONSUMER_SECRET = "3475296048548367986";  client_id: "3MVG9fTLmJ60pJ5I6fu3pPjYrPcxc.hs9.5cx074wlhqP52juB8I1iQUTP5MHlqCY9uhwje09N3YCxBIGGxlI"  client_secret: "3475296048548367986"