oidc-callback URL filling browser history

[PVince81]

I wonder if we should replace/rewrite history after processing the callback to avoid having its URL and its token stored in the browser history.

Needs some research to see if there are best practices there.

[pascalwengerter]

@kulmann @dschmidt have you touched this topic in your recent auth PR?

[dschmidt]

Not specifically, to some extent the oidc library should handle it (no idea if it actually does) or if there's more we can/should do.
As I said, we did not look into this - verification if still necessary would be appreciated.

[kulmann]

Didn't find much about this topic, but seems to be a good idea. And it's a one-line fix so I made a PR here #7293