The authenticateUser() method of the OAuthServices class was returning
the results of provider.authenticateUser() instead of provider.associateTokenToUser().
This gives incorrect results if associateTokenToUser() doesn't return
the identical object (the in-memory provider does, which is probably why this doesn't come up).
This patch changes the function so that if associateTokenToUser()
returns a non-identical object (say, if you use a database) you get
the most up-to-date object back.
The authenticateUser() method of the OAuthServices class was returning the results of provider.authenticateUser() instead of provider.associateTokenToUser().
This gives incorrect results if associateTokenToUser() doesn't return the identical object (the in-memory provider does, which is probably why this doesn't come up).
This patch changes the function so that if associateTokenToUser() returns a non-identical object (say, if you use a database) you get the most up-to-date object back.