Netflix/security_monkey

OpenID Connect SSO - user authentication fails because client_id is included in redirect_uri

Open

#957 opened on February 22, 2018

Labels: difficulty: newcomer, enhancement, help wanted

Description

Please make sure that you have checked the boxes:

  • Review the Quickstart guide
  • Search for both open and closed issues regarding the problem you are experiencing
  • For permissions issues (Access Denied and credential related errors), please refer to the requisite docs before submitting an issue: AWS, GCP, OpenStack, GitHub

Description of issue:

When OpenID Connect is configured for user authentication, and a user is redirected from SecurityMonkey to an OAuth Authorization Server to be authenticated, SecurityMonkey includes the client_id in the state parameter, which causes an issue for all Authorization Servers that enforce RFC 6749 (OAuth 2.0 Authorization Framework), specifically section 2.3.1 Client Password:

https://tools.ietf.org/html/rfc6749#section-2.3.1

Including the client credentials in the request-body using the two
parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
to directly utilize the HTTP Basic authentication scheme (or other
password-based HTTP authentication schemes).  The parameters can only
be transmitted in the request-body and MUST NOT be included in the
request URI.

I believe that removing the client_id from the state parameter would fix this issue and help this project conform to the OAuth 2.0 specification better.
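As an added illustration (not code from Security Monkey or the issue author), the snippet below shows the two request shapes the issue touches: an authorization request whose state parameter is an opaque random value carrying no client data, and a token request that sends the client credentials in an HTTP Basic header rather than in the URI, as RFC 6749 section 2.3.1 asks. It also includes a small check that flags the pattern reported here (client_id embedded in state). Endpoint, client id and redirect URI values are constructed placeholders.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; not Security Monkey's real configuration.
AUTHORIZE_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "security-monkey-client"
REDIRECT_URI = "https://monkey.example/login/callback"


def new_state():
    """Opaque, unguessable state value; bind it to the user's session server-side."""
    return secrets.token_urlsafe(32)


def build_authorization_url(client_id, redirect_uri, state):
    """Authorization request (RFC 6749 section 4.1.1). client_id is a normal query
    parameter here; state carries no client data, only the random CSRF token."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email",
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def state_leaks_client_id(url, client_id):
    """Detect the pattern from the issue: client_id embedded inside the state parameter."""
    query = parse_qs(urlsplit(url).query)
    return any(client_id in value for value in query.get("state", []))


def token_request(client_id, client_secret, code, redirect_uri):
    """Token exchange (RFC 6749 section 2.3.1 / 4.1.3): credentials travel in an
    HTTP Basic Authorization header, never in the request URI."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    })
    return headers, body
```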
