mod_http_oauth2: Make note about handling repeated RFC 6749 states > If an authorization code is used more than once, the authorization > server MUST deny the request and SHOULD revoke (when possible) all > tokens previously issued based on that authorization code. We should follow the SHOULD. The MUST is already covered by removing the code state from the cache.

---
summary: Extra verbose logging of sent and received
---

Summary
=======

Sometimes it is useful to get the raw XML logs from clients for
debugging purposes, but some clients don't expose this.

This module logs dumps everything sent and received into debug logs, for
debugging purposes.