STCOR-853 do not include credential in /authn/token request

[zburke]

The request to /authn/token pulls an OTP from the query string and exchanges it for AT/RT cookies. If, somehow, the browser already has cookies and sends them along on this request, it causes a negative feedback look because the OTP and the cookies are out of sync. The old AT/RT cookies will cause the endpoint to return 4xx, which will result in a redirect back to keycloak, which will find its (still perfectly valid) authentication cookies, which will cause it redirect back to stripes with a new OTP ... and the cycle repeats.

Thus, when we are exchanging an OTP, we don't want to send any cookies. We want the to send the OTP and have new cookies from the response overwrite anything that was previously stored.

Refs STCOR-853

[github-actions]

Jest Unit Test Statistics

228 tests  +2   228 ✔️ +2   56s ⏱️ -3s
  45 suites +1       0 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit 1329419. ± Comparison against base commit bc04288.

♻️ This comment has been updated with latest results.

[github-actions]

BigTest Unit Test Statistics

    1 files  ±0      1 suites  ±0   10s ⏱️ ±0s
266 tests ±0  260 ✔️ ±0  6 💤 ±0  0 ❌ ±0 
269 runs  ±0  263 ✔️ ±0  6 💤 ±0  0 ❌ ±0 

Results for commit 1329419. ± Comparison against base commit bc04288.

♻️ This comment has been updated with latest results.

[ryandberger]

Glad you could correct this with a small change. Thanks for adding test coverage!

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[zburke]

Like #1478, branches got wacky due to an accidental merge; there should only be one commit on this branch :/ Gonna try re-opening it against current tip of keycloak-ramsons.