In OAuth2SsoMiddleware@handle, we should check session "oauth2_auth_state" is ok. But we need to specific routes to allow by pass if we already have session "oauth2_auth_state"
Reproduce:
Enter route with middleware OAuth2SsoMiddleware, wait for redirect to authentication server
Close tab only (keep session open for current website)
Open route in step 1 in new tab, now middleware OAuth2SsoMiddleware will bypass our request because we already have session "oauth2_auth_state"
In OAuth2SsoMiddleware@handle, we should check session "oauth2_auth_state" is ok. But we need to specific routes to allow by pass if we already have session "oauth2_auth_state"
Reproduce: