mod_http_oauth2: Make note about handling repeated RFC 6749 states > If an authorization code is used more than once, the authorization > server MUST deny the request and SHOULD revoke (when possible) all > tokens previously issued based on that authorization code. We should follow the SHOULD. The MUST is already covered by removing the code state from the cache.

<tr>
  <td colspan="2">
    <script src="https://hcaptcha.com/1/api.js" async defer></script>
    <div class="h-captcha" data-sitekey="{captcha_public_key}"></div>
  </td>
</tr>