mod_http_oauth2: Reject non-local hosts in more code paths We're not issuing tokens for users on remote hosts, we can't even authenticate them since they're remote. Thus the host is always the local module.host so no need to pass around the host in most cases or use it for anything but enforcing the same host.

---
labels:
- 'Type-Auth'
summary: SASL OAuthBearer Mechanism
...

Introduction
============

This module adds a new SASL mechanism OAUTHBEARER, as defined in [RFC-7628](https://tools.ietf.org/html/rfc7628).

It's intended to be used together with the `mod_auth_oauthbearer.lua` module.