Add the masked stored state (transient value) when OAuth Connect validation fails

[diegocurbelo]

Fixes STRIPE-745
Fixes #<github_issue_id>

Changes proposed in this Pull Request:

This PR improves the OAuth optional verbose logs to include additional data:

• adds the expected state masked value (or false if not set)
• logs the final state, code, nonce, and connect_response (all masked) as an error in case of failure

Testing instructions

0. Enable the Oauth connect verbose logging by adding the following filter:
   add_filter( 'wc_stripe_is_verbose_debug_mode_enabled', '__return_true' );
1. Disconnect your Stripe account
2. Go to the Onboard page (WooCommerce > Payments > Stripe)
3. Click Create or connect a test account instead (do not complete the onboarding yet)
4. Remove the state transient:
   wp transient delete wcs_stripe_connect_state_test
5. Select your account and complete the process
6. Check that there are 2 error logged:
   
7. Verify that the attribute stored_state is present, and that it is false:
   

---

• Covered with tests (or have a good reason not to test in description ☝️)
• Tested on mobile (or does not apply)

Changelog entry

• This Pull Request does not require a changelog entry. (Comment required below)

Changelog Entry Comment

Comment

Post merge

• Added testing instructions to the Release Testing Instructions wiki page (or does not apply)
• Added the needs docs label (or does not apply)
• Included this PR in the Release Thread scope (or does not apply)

[Copilot]

Pull Request Overview

This PR enhances OAuth Connect verbose logging to improve debugging capabilities when OAuth validation fails. The changes add the stored state value (masked or 'false' if not set) to error logs and implement consistent logging for both successful and failed connection attempts.

• Stores the transient state value before validation to include it in error logs
• Adds stored_state, state, code, and nonce (all masked) to verbose debug logs
• Implements conditional logging that uses error level for failures and debug level for successes

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Mayisha]

Code looks good and it tests as described 👍

✅ Two errors logged

✅ The attribute stored_state is present, and it is false in the additional context of OAuth: Invalid state received from the WCC server log.

Note
stored_state is not present in the additional context of the OAuth: Account connection failed log. Should we add the data here as well?

[malithsen]

LGTM

[diegocurbelo]

Note stored_state is not present in the additional context of the OAuth: Account connection failed log. Should we add the data here as well?

I don't think it adds any value.... when stored_state and state don't match, we already log an error before returning the error.

Also, to add it to the OAuth: Account connection failed log, we would need to read the transient again to log it... and in general, each function only logs the data it receives/uses.