mod_http_oauth2: Allow user to decide which requested scopes to grant These should at the very least be shown to the user, so they can decide whether to grant them. Considered whether to filter the requested scopes down to actually understood scopes that would be granted, but decided that this was a bit complex for a first step, since role role selection and other kinds of scopes are mixed into the same field here.

Introduction
============

This module attempts to sanitize XHTML-IM messages.

It does **not** attempt to sanitize any CSS embedded in `style`
attributes, these are instead stripped by default.

Configuration
=============

  Option                   Type      Default
  ------------------------ --------- ---------
  `strip_xhtml_style`      boolean   `true`
  `bounce_invalid_xhtml`   boolean   `false`