Description
We're seeing an odd issue when using oauth2-rs with GitHub. A user has managed to make it past CSRF protection (implying a presumably valid legit login attempt).
However, when we exchange the code for a token, we are getting an error from inside oauth2-rs that indicates failure to parse the response (missing field access_token).
I suspect this is due to GitHub returning 200 with an error, as there are certain user-controlled conditions where the exchange could result in an error response (for example, their email address is unverified). I don't know for sure that GitHub returns 200 with an error, but there are definitely some signs:
I have seen the code snippet highlighted in this related issue: #303
I'm the kind of person who wants to say "no way, they should follow spec"; it's also GitHub, though, and I would assume there are more than a few users using oauth2-rs with GitHub.
Does it make sense to change that snippet to look for error fields, even if a 200, and handle it as an error case?
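The handling suggested above, as an added example that is not part of this issue or of oauth2-rs: a token-endpoint response classifier that looks for an RFC 6749 error body before requiring access_token, so a 200 carrying an error becomes a proper error value instead of a parse failure. It is written in Python with the standard library so it runs stand-alone; the sample responses are constructed, not captured from GitHub.

```python
import json
from dataclasses import dataclass
from typing import Optional, Union

@dataclass
class TokenSuccess:
    access_token: str
    token_type: str
    scope: Optional[str] = None

@dataclass
class TokenError:
    error: str                 # RFC 6749 error code, or "invalid_response"
    description: Optional[str]
    http_status: int

def parse_token_response(status: int, body: bytes) -> Union[TokenSuccess, TokenError]:
    """Classify a token-endpoint response by its body first, then its status.

    RFC 6749 section 5.2 puts error responses on HTTP 400, but a server that
    answers 200 with an error body would otherwise surface only as
    'missing field access_token'. An 'error' member therefore wins regardless.
    """
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return TokenError("invalid_response", f"body is not JSON: {exc}", status)
    if not isinstance(doc, dict):
        return TokenError("invalid_response", "body is not a JSON object", status)
    if "error" in doc:  # error body wins regardless of status code
        return TokenError(str(doc["error"]), doc.get("error_description"), status)
    if status != 200:
        return TokenError("invalid_response", f"unexpected HTTP status {status}", status)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        return TokenError("invalid_response", "missing field access_token", status)
    return TokenSuccess(token, str(doc.get("token_type", "")), doc.get("scope"))

# Constructed sample responses (not captured from GitHub or any real server).
SAMPLES = {
    "spec_error":   (400, b'{"error":"invalid_grant","error_description":"code expired"}'),
    "error_on_200": (200, b'{"error":"access_denied","error_description":"constructed"}'),
    "success":      (200, b'{"access_token":"constructed-token","token_type":"bearer","scope":"user:email"}'),
    "empty_200":    (200, b'{}'),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name:>12}: {parse_token_response(status, body)}")
```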