[keycloak-user] 307 redirect issue + OAuth2/OpenID Connect possible vulnerability