Do not make OIDC state cookie name unique if multiple code flows are not allowed

[sberyozkin]

Fixes #34760

Quarkus OIDC enables multiple authorization code flows (multi-tab authentication) by default - a user can start a login process and without completing it open a new tab and start a new one.

State cookies are used to coordinate a given authorization code flow and for multiple code flows to be supported their names have to be unique for the state cookies not to interfere with each other.

However if such a multi-tab authentication is disabled, the state cookie should not be unique - as it prevents whitelisting supported cookies as explained in #34760.

So this PR makes a very simple fix - if multiple code flows are not allowed, do not try to make a state cookie name unique. Tests are updated to show that by default the state cookie name contains UUID, but not if the multiple code flows are not allowed.

[sberyozkin]

OOM dev test test failure, I'll need to create another issue as it is not related to this PR

[sberyozkin]

I've tried to cancel the workflow as one of the OIDC tests is indeed failing, sorry

[sberyozkin]

The OIDC wiremock test failure is not related, it is a millisec related comparison:

2023-07-17T11:00:12.6787362Z [ERROR] io.quarkus.it.keycloak.CodeFlowAuthorizationTest.testCodeFlowUserInfo  Time elapsed: 0.256 s  <<< FAILURE!
2023-07-17T11:00:12.6788167Z org.opentest4j.AssertionFailedError: expected: <25200> but was: <25201>

I'll need to fix it first

[sberyozkin]

Thanks @gastaldi, can you please check #34791, I'd like to get that one fixed first as that test is flaky

[quarkus-bot]

✔️ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.