mod_http_oauth2: Reflect ALL attributes of the client registration Per RFC 7591: " Additionally, the authorization server MUST return all registered metadata about this client, including any fields provisioned by the authorization server itself. " The idea is that the server may replace/drop fields in the registration, so what gets reflected back to the client is the source of truth about the registration.

This module lets you block connections to any remote servers not on a
whitelist.

``` {.lua}
modules_enabled = {
    -- other modules --
    "s2s_whitelist",

}
s2s_whitelist = {
    "example.org",
}
```