Previously we created a new GUID for any user trying to login via oauth.
That GUID was used to store the token states. This polluted the cache
area but even worse, it made it impossible to stay logged in on multiple
devices when the IdP invalidated onld access tokens when issuing a new
one (like google does).
Now a session storage is used for the initial login. Permanent storage
is only initialized after a successful login (based on the user's email
address).
The new OAuthManager is now the main flow manager and should make it
easier to follow the flow. The Session class encapsulates all session
and cookie accesses. A new guid paradigma should make invisible relogins
possible when the session expired. Needs all major cleanup but a first
login worked.
using composer for the oauth lib dependency, autoloading for our own
classes. Services are now their own action plugins to inherit from our
Service class.
All still untested and broken
