This is definitely a nice improvement, I only have two minor questions:
- errmsg("internal error in OAuth validator module"));
+ errmsg("internal error in OAuth validator module"),
+ ret->error_detail ? errdetail_log("%s", ret->error_detail) : 0);
+
Isn't including the detail for both the warning and the fatal error
still overly verbose?
+ res->error_detail = error_detail; /* only relevant for failures */
+ if (internal_error)
+ return false;
+
Shouldn't the oauth code include a sanity check to ensure validators
return no error_detail on success instead of silently ignoring it?
