The second is also something I really needed a while back, trying to get to the bottom of Strava's OAuth flow - Visible OAuth error messages. For

authorization_code

grants, we now surface the full error context we receive from the remote provider if anything goes wrong.