Regardless of what happens during the oauth or oauth2 callback, the message "The application has been authorized" is displayed.

If authorization fails (e.g. no "code" or "oauth_token" parameter in the query string) 2 things should happen:
1. This message should not be displayed
2. Other modules should have a chance to react, ie. a hook like "oauth_common_denied" should be invoked