OAuth flow - detect if an oauth session is already active

[marcinbot]

See https://github.com/Automattic/woocommerce-payments/pull/171#issuecomment-521056967

The OAuth init endpoint returns a secret which gets stored as a transient for a day or until the flow is finished. If at the end of the flow the passed in secret mismatches the transient, then no account is connected and an error is shown. This can lead to a few edge cases:

• Starting the flow in another tab, not finishing it, then starting the flow again, then finishing the first flow - the transient would get overwritten and finishing the first flow would result in an error
• Finishing the flow after a day - Stripe might not allow this as they have a timeout as well, but technically it's possible for the transient to expire

Potential solutions:

• Use an array of transients
• Preferred: check if the transient is set, and when a new flow is started show a message asking for confirmation

[vbelolapotkov]

This one seems to be relevant. This is where we set onboarding state today https://github.com/Automattic/woocommerce-payments/blob/3a958f7c4e7399b7acde0700612bb3a1fa389fbe/includes/class-wc-payments-account.php#L706-L706

We still don't check that state before initiating onboarding.

[jessy-p]

This issue impacts Onboarding, Account management, General purpose communications and communication tools, so assigning to Moltres (based on team responsibilities Pc2DNy-3z-p2) @daquinons. Assigning as part of Gamma Triage process PcreKM-yM-p2.

Reassigning this old issue while re-evaluating backlog.