mod_http_oauth2: Reflect changes to defaults etc
- Resource owner password grant was disabled by default
- Tokens now include a hash of client_id making it possible to be
reasonable sure that they were issued to a particular client
-- COMPAT for Openfire sending stream headers without to or from.
module:set_global();
module:hook("s2s-check-certificate", function(event)
local session, host = event.session, event.host;
if not event.host then
(session.log or module._log)("warn", "Invalid stream header, certificate will not be trusted")
session.cert_chain_status = "invalid"
return true
end
end, 100);