when `log_out` is called from `\core\oauth2\client` it will delete the refresh token,
what it actually needs to use it to get a new access token
actually logging out is not needed here, the only thing we need to make sure is,
the invalid access token is removed from the session
that is done by storing `null`
In PHP 8.2 and later, setting a value to an undeclared class property is
deprecated and emits a deprecation notice.
So we need to add missing class properties that still need to be declared.
If the request to the OAuth 2 token endpoint fails show the response
body the endpoint returned with its HTTP status (when debug: DEVELOPER).
If no response is available show any error returned by Curl. Previously
none of this information was available making troubleshooting difficult.
If a token refresh fails in \core\oauth2\refresh_system_tokens_task an
exception is now thrown so that the result is shown as "Fail" on
admin/tasklogs.php?filter=core\oauth2\refresh_system_tokens_task
The google_oauth class extends oauth2client which was modified to send "Accept" headers.
The "Accept" headers break picasa and could break any other plugin that was using google_oauth.
Provide a more meaningful error message and debuginfo allowing to
diagnose what is going on. In case of flickr, this is typically thrown
when flickr API responses with their "bad, bad panda" HTML page instead
of the expected reply.
As per the oauth1 spec, the oauth_callback is supposed to be passed only
when obtaining the initial request token. The client used to append it
automatically to all requests which broke the request signature.
A generic OAuth 2.0 for the web application flow, tested against
microsoft and google apis.
Added a callback endpoint for requests so that clients can use a single
endpoint (without GET params). I put this in /admin/ as I expect some
sites will have .htaccess denying access to /lib/.
