This repository was archived by the owner on Aug 28, 2023. It is now read-only.

Support for v1 and v2 APIs. Many fixes

@brandwe brandwe released this 31 Aug 00:39
· 411 commits to dev since this release
  • Support for v1 or v2 of our API. You just change the knobs and the metadata endpoint!
  • Massive update that fixes a lot that was wrong with the original OpenID Connect Implementation.
    • Lots of new settings given to you that you can pass in. Look at the client_config_v1.js example to see these. In detail:
    • You can now specify if user profile should be loaded. (HINT: You shouldn't - as we don't have a user profile lookup.) Default is to skip which you should for AzureAD and MSA. #51
    • Turns out that my OpenID Connect implementation only had OAuth2 query support, and passed code and tokens through such. This is against spec, against nature, and now fixed. #50
      • Both the id_token code and id_token flows now support POST and will do the right thing no matter if using v1 or v2. Fragment still not supported. #49
        • I've exposed this as a config setting you can pass: responseType:. The default is id_token code to match the rest of ADAL.
        • Login only id_token is now supported through POST only.
        • OAuth flows code and OAuth + OpenID Connect id_token code support query or POST response modes.
        • In addition, I've exposed this as a config setting you can pass: responseMode:. The default is form_post.
    • In support of this, I've updated the app.js in /example to work no matter if using id_token, or id_token code for either v1 or v2.
    • Added nonce that is actually a nonce (utils.uid(16))
  • passport OIDC strategy now respects the metadata that is passed to it, so any PPE and Prod metadata endpoints, both v1 and v2, will work.
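
The responseType / responseMode rules and the per-request nonce described above, as an added example that is not code from this repository. The helper names, the session field and the use of crypto.randomBytes in place of utils.uid(16) are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Pairs built from the bullets above: login-only id_token is POST only,
// the code flows accept query or form_post, fragment is not supported.
const ALLOWED_MODES = {
  'id_token': ['form_post'],
  'id_token code': ['query', 'form_post'],
  'code': ['query', 'form_post'],
};

// Hypothetical helper: apply the defaults named in the notes and reject
// any pair that would put tokens somewhere the notes say is unsupported.
function checkResponseSettings(config) {
  const responseType = config.responseType || 'id_token code';
  const responseMode = config.responseMode || 'form_post';
  const modes = ALLOWED_MODES[responseType];
  if (!modes) {
    throw new Error(`unsupported responseType: ${responseType}`);
  }
  if (!modes.includes(responseMode)) {
    throw new Error(`${responseType} does not support responseMode ${responseMode}`);
  }
  return { responseType, responseMode };
}

// A nonce that is actually a nonce: fresh random value for every
// authorization request, remembered in the user's session.
function issueNonce(session) {
  const nonce = crypto.randomBytes(16).toString('hex');
  session.oidcNonce = nonce; // assumed session field name
  return nonce;
}

// Compare the nonce claim of the returned id_token with the stored one.
// The stored value is deleted first, so a replayed response fails.
function consumeNonce(session, claims) {
  const expected = session.oidcNonce;
  delete session.oidcNonce;
  if (typeof expected !== 'string' || typeof claims.nonce !== 'string') {
    return false;
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(claims.nonce);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```
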