mod_http_oauth2: Strip unknown client metadata
Per RFC 7591
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
This was previously done but unintentionally removed in 90449babaa48
---
labels:
- 'Stage-Alpha'
summary: Module deprecated, just use mod_smacks and mod_nooffline_noerror
...
Introduction
============
This module is deprecated and superseded by mod_smacks.
If you explicitly disabled mod_offline you need the new module
mod_nooffline_noerror to regain all features of this deprecated module.