Thrown by OAuthProxy.authorize when the dynamically-registered client
(identified by its redirect_uri) has not yet been granted user consent.
The integrator must present a consent screen, record approval via
OAuthProxy.grantConsent, and only then build the upstream redirect. This
enforces the confused-deputy MUST: consent is obtained for each dynamically
registered client before forwarding to the upstream authorization server.
Thrown by OAuthProxy.authorize when the dynamically-registered client (identified by its redirect_uri) has not yet been granted user consent. The integrator must present a consent screen, record approval via OAuthProxy.grantConsent, and only then build the upstream redirect. This enforces the confused-deputy MUST: consent is obtained for each dynamically registered client before forwarding to the upstream authorization server.