Salesforce Refresh Tokens

Description

General

• Documentation: https://developer.salesforce.com/docs/
• Summary: Salesforce provides customer relationship management services. Its APIs enable to add functionality with third party application. A token is given when a user authorizes an app. It expires after some time and can be renewed with the refresh token. This detector finds these latter refresh tokens.
• IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
• Scopes: Yes. Each APIs has its set of permissions.

Revoke the secret

The user can revoke the credentials in the web application.

Check for suspicious activity

As of the time of writing this documentation, this feature is not yet supported.

Details for Salesforce refresh tokens

• Family: Api

• Category: CRM

• Company: Salesforce

• High recall: True

• Validity check available: False

• Minimum number of matches: 2

• Occurrences found for one million commits: 1.23

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - 5aep861

Examples

- text: |
    String refresh_token = "5Aep861..zRMyCurAUqXuPX5uJN1Yk7ghc6h4Cv7m6IPMhhMvOivwnD7dLeOFes5eM6el.JJ5pgP4h3dTR0gnrn";
    String access_token = "00D6F000002Tjy4!AQgAQK9zwJVvIAe2jK0Gd1SAhMTh0GCfrNk7QKAoSqjmlXwR71qctjLAyH.3ivQfVKespfPMdgfzFt6oSwKnfD0wxupZj6Bc";
  refresh_token: 5Aep861..zRMyCurAUqXuPX5uJN1Yk7ghc6h4Cv7m6IPMhhMvOivwnD7dLeOFes5eM6el.JJ5pgP4h3dTR0gnrn
  access_token: 00D6F000002Tjy4!AQgAQK9zwJVvIAe2jK0Gd1SAhMTh0GCfrNk7QKAoSqjmlXwR71qctjLAyH.3ivQfVKespfPMdgfzFt6oSwKnfD0wxupZj6Bc