mod_http_oauth2: Fix attempt to index a boolean value _This_ function signature strikes again It returns true, payload, but only passed the boolean on in place of the client, tripping up client_subset()

mod_audit: Allow disabling IP logging, or limiting it to a prefix

mod_audit: Include client id in audit log entries (if known)

mod_sasl2: Fire authentication-{success,failure} events like mod_saslauth

mod_http_oauth2: Record details of OAuth client a token is issued to To enable use cases such as revoking all tokens issued to a particular OAuth client in case of security issues, or for informative purposes such as when listing tokens for users.

mod_http_oauth2: Invoke mod_http_errors to render error on invalid redirect Turns out returning a table like that produces a blank page. Kinda boring and not very helpful.

mod_http_oauth2: Validate all URIs against client_uri in client registration Validating against all redirect URIs didn't work for OOB-only clients, which happens to be what I was testing with.

mod_http_oauth2: Organize HTTP routes with comments Starting to get hard to follow. Usually one would start tracing the steps at the HTTP authorize route. Vaguely sorted alphabetically by path and point in the flow. (/register comes before /authorize tho)

mod_http_oauth2: Fix validation of informative URIs Iterating over wrong table

mod_http_oauth2: Use more compact IDs UUIDs are nice but so verbose! The reduction in entropy for the nonce should be fine since the timestamp is also counts towards this, and it changes every second (modulo clock shenanigans), so the chances of someone managing to get the same client_secret by registering with the same information at the same time as another entity should be negligible.