mod_http_oauth2: Reject non-local hosts in more code paths We're not issuing tokens for users on remote hosts, we can't even authenticate them since they're remote. Thus the host is always the local module.host so no need to pass around the host in most cases or use it for anything but enforcing the same host.

mod_http_oauth2: Add support for the "openid" scope This "openid" scope is there to signal access to the userinfo endpoint, which is needed for OIDC support. We don't actually check this later because the userinfo endpoint only returns info embedded in the token itself, but in the future we may want to check this more carefully.

mod_http_oauth2: Prepare to handle multiple e.g. non-role scopes This is to prepare to handle scopes like "openid" that don't map to roles.

mod_adhoc_oauth2_client: Make note in README about current broken state It could plausibly be made to work again using the stateless method internally.

mod_http_oauth2: Fix attempt to index a boolean value _This_ function signature strikes again It returns true, payload, but only passed the boolean on in place of the client, tripping up client_subset()

mod_audit: Allow disabling IP logging, or limiting it to a prefix

mod_audit: Include client id in audit log entries (if known)

mod_sasl2: Fire authentication-{success,failure} events like mod_saslauth

mod_http_oauth2: Record details of OAuth client a token is issued to To enable use cases such as revoking all tokens issued to a particular OAuth client in case of security issues, or for informative purposes such as when listing tokens for users.

mod_http_oauth2: Invoke mod_http_errors to render error on invalid redirect Turns out returning a table like that produces a blank page. Kinda boring and not very helpful.