Improve OAuth2 login procedure
... as suggested in issue #6933
- add config option oauth_verify_peer
- add config option oauth_identity_fields
- do not mask access token in session data
- fix refresh token handling
- use a redirect URL without query parameters