When certain OAuth requests that normally return some JWT data result in an error from the server, OAuthClient blindly assumes they were successful, tries to verify the JWT signature, and fails, masking the real error.
Also happens in some non-JWT-related situations:
17:02 <+bd808> "Undefined property: stdClass::$key in /data/project/olympics/public_html/vendor/mediawiki/oauthclient/src/Client.php on line 179" -- that doesn't look good 17:04 <+bd808> that looks like the json_decode() of the server response failing 17:04 <+bd808> (crappy error handling there too)
I had this error the other day when attempting to auth to a wiki that was incorrectly set-up. The exposed error was "Notice: Trying to get property 'alg' of non-object" from oauthclient/src/Client.php (line 314), because the result from the server was a pile of HTML error (and the curl call is only checking for an empty result being the indicator of an error).