mod_http_oauth2: Fix to disable disabled response handlers correctly Wrong table

mod_http_oauth2: Log flows enabled and disabled If a developer ever wants to be sure what the state is

mod_http_oauth2: Fix appending of query parts in error redirects Looks like this meant to check whether the redirect_uri has a ?query part, but forgot to inspect the field for this in the returned table.

mod_http_oauth2: Implement the OpenID userinfo endpoint Needed for OIDC

mod_http_oauth2: Close site header tags

mod_http_oauth2: Fix contrast of links on consent page The default dark blue wasn't very visible on a dark background

mod_http_oauth2: token endpoint: handle missing credentials

mod_http_oauth2: Fail early when no authorization header present Fixes traceback.

mod_http_oauth2: Support HTTP Basic auth on token endpoint This is described in RFC 6749 section 2.3.1 and draft-ietf-oauth-v2-1-07 2.3.1 as the recommended way to transmit the client's credentials. The older spec even calls it the "client password", but the new spec clarifies that this is just another term for the client secret.

mod_http_oauth2: Separate extracting credentials from requests and verifying The token endpoint also uses Basic auth, but the password would be the client_secret, so we need to verify against that instead of using test_password(). Splitting this up here avoids code duplication. Possibly this new function could go into util.http...