Extension:OpenIDConnect: Exception during authentication leads to infinite redirection loop
Open, Needs Triage | Public | BUG REPORT

Description

Steps to replicate the issue (include links if applicable):

  • Enable "auto-login" feature of Extension:PluggableAuth
  • Configure an OpenID provider that responds with an error
  • Try to log in

What happens?:
Library code of jumbojett/openidconnect will throw an exception inside MediaWiki\Extension\OpenIDConnect\OpenIDConnect::authenticate. It will be caught in
https://github.com/wikimedia/mediawiki-extensions-OpenIDConnect/blob/8.3.0/includes/OpenIDConnect.php#L434-L438 and Pluggable Auth will report PluggableAuth.DEBUG: Authentication failure. in the logs.
But then, instead of showing an error message, the auto-login feature will start the process again and again, eventually leading to the browser detecting a redirect loop.

What should have happened instead?:
An error message should be shown to the user and details should be written into the ERROR (not DEBUG) log

Software version (on Special:Version page; skip for WMF-hosted wikis like Wikipedia):

  • MediaWiki core 1.43
  • Extension:PluggableAuth 7.5.0
  • Extension:OpenIDConnect 8.3.0

Other information (browser name/version, screenshots, etc.):
Example of exception:

OpenIDConnect.DEBUG: Jumbojett\OpenIDConnectClientException: AADSTS7000222: The provided client secret keys for app '8...1' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: c...0 Correlation ID: 3...6 Timestamp: 2026-01-23 07:04:06Z in vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php:316
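
Until the failure is surfaced at ERROR level, the loop can be spotted in the debug log as a rapid run of the two messages quoted above. The following is an added example, not part of the report or of either extension: the log line layout (timestamp, channel.LEVEL, message), the placeholder app ID and the function name `find_login_loops` are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. The "timestamp channel.LEVEL: message" layout is an
# assumption; only the two message texts are taken from the report.
SAMPLE_LOG = r"""
2026-01-23 07:04:06 OpenIDConnect.DEBUG: Jumbojett\OpenIDConnectClientException: AADSTS7000222: The provided client secret keys for app 'APP-ID-PLACEHOLDER' are expired.
2026-01-23 07:04:06 PluggableAuth.DEBUG: Authentication failure.
2026-01-23 07:04:07 OpenIDConnect.DEBUG: Jumbojett\OpenIDConnectClientException: AADSTS7000222: The provided client secret keys for app 'APP-ID-PLACEHOLDER' are expired.
2026-01-23 07:04:07 PluggableAuth.DEBUG: Authentication failure.
2026-01-23 07:04:08 OpenIDConnect.DEBUG: Jumbojett\OpenIDConnectClientException: AADSTS7000222: The provided client secret keys for app 'APP-ID-PLACEHOLDER' are expired.
2026-01-23 07:04:08 PluggableAuth.DEBUG: Authentication failure.
2026-01-23 08:30:00 PluggableAuth.DEBUG: Authentication failure.
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+)\.(\w+): (.*)$")

def find_login_loops(text, min_failures=3, max_gap=timedelta(seconds=5)):
    """Return bursts of back-to-back authentication failures."""
    failures, cause = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        channel, message = m[2], m[4]
        if channel == "OpenIDConnect" and "Exception:" in message:
            # Keep the provider's error code (text up to the next colon).
            cause = message.split("Exception:", 1)[1].split(":", 1)[0].strip()
        elif channel == "PluggableAuth" and message.startswith("Authentication failure"):
            failures.append((ts, cause))
            cause = None
    bursts, current = [], []
    for event in failures:
        if current and event[0] - current[-1][0] > max_gap:
            bursts.append(current)
            current = []
        current.append(event)
    if current:
        bursts.append(current)
    # Bursts are site-wide: the two messages carry no session identifier.
    return [
        {"start": b[0][0], "end": b[-1][0], "failures": len(b),
         "causes": sorted({c for _, c in b if c})}
        for b in bursts if len(b) >= min_failures
    ]

if __name__ == "__main__":
    print(find_login_loops(SAMPLE_LOG))
```

The isolated 08:30:00 failure in the sample is not reported, since a single failed login is not a loop.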