Salesforce Oauth2 Keys
Description
General
- Documentation: https://developer.salesforce.com/docs/
- Summary: Salesforce provides customer relationship management services. Its APIs enables to add functionality with third party application. The OAuth credentials are used to get access tokens. These can in turn be used to authenticate with the APIs to make requests on behalf of the users. This detector finds these Oauth credentials.
- IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
- Scopes: Yes. Each APIs has its set of permissions.
Revoke the secret
Go to the App Manager.
Check for suspicious activity
As of the time of writing this documentation, this feature is not yet supported.
Details for Salesforce Oauth2 Keys
-
Family: credentials
-
Category: crm
-
Company: Salesforce
-
High recall: True
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 4.09
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- 3mvg9
Examples
- text: |
salesforce CONSTANTS +// ----------------------------------------------------------
+const CONSUMER_KEY = "3MVG9fTLmJ60pJ5I6fu3pPjYrPcxc.hs9.0cd634pxhqP52jzB1I8dVPTP5OHtqCU2uvqle29N1YDeBSLTwlI";
+const CONSUMER_SECRET = "5475249808098367457";
client_id: '3MVG9fTLmJ60pJ5I6fu3pPjYrPcxc.hs9.0cd634pxhqP52jzB1I8dVPTP5OHtqCU2uvqle29N1YDeBSLTwlI'
client_secret: '5475249808098367457'
- text: |
"Credentials": {
"GrantType": "password",
- "ClientId": "3MVG9eQyYZ1h89HeO90IR6o6pmKEiPS.YGCCCOq6fbSYKk0q3MufvMph2aEclMAoWLFW9XBX8twZesSU3hchE",
- "ClientSecret": "2032E4A8427CF5D194883A6C1373D646CAE93452828E4D445588443ECC0ECED6",
client_id: 3MVG9eQyYZ1h89HeO90IR6o6pmKEiPS.YGCCCOq6fbSYKk0q3MufvMph2aEclMAoWLFW9XBX8twZesSU3hchE
client_secret: 2032E4A8427CF5D194883A6C1373D646CAE93452828E4D445588443ECC0ECED6
