express-gateway
Redirect to client redirect_uri after OAuth2 session cleanup
The current implementation of site.logout just removes the session of the user.
The idea is to somehow, before clearing the session, identify the client_id, find the redirect_uri of the app and return the user there.
client_id most likely will be in the session.
@StickNitro
After some investigation, this scenario will be unstable due to session expiration. Instead, the client should send a returnTo parameter with the URL.
If client_id is provided, then EG must validate whether the passed URL is allowed by the app.
More info: https://auth0.com/docs/logout
And the default redirect URI should be made configurable for both login and logout (/ currently).
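
Added example, not part of the original thread and not Express Gateway's own code: one way to validate a client-supplied returnTo against an app's registered URLs and fall back to a configurable default. The names `apps`, `config.defaultLogoutRedirect`, `canonical` and `resolveLogoutRedirect` are hypothetical, and the registration data is constructed.

```javascript
// Hypothetical app registry: client_id -> registered redirect URLs (constructed sample data).
const apps = new Map([
  ['app-123', { redirectUris: ['https://app.example.com/callback',
                               'https://app.example.com/logged-out'] }],
]);

// Hypothetical gateway setting: the default is configurable instead of a hard-coded "/".
const config = { defaultLogoutRedirect: '/' };

// Reduce a URL to scheme + host + port + normalised path so the comparison is exact.
// Returns null for anything that must never be used as a redirect target.
function canonical(raw) {
  let u;
  try {
    u = new URL(raw);                 // throws on relative or malformed input ("//host", "/path")
  } catch {
    return null;
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return null; // no javascript:, data:, ...
  if (u.username || u.password) return null;  // "https://trusted@other-host/" style confusion
  return u.origin + u.pathname;       // dot-segments are already resolved by the URL parser
}

// Decide where to send the user after the session has been cleared.
// Nothing is read from the session, so an expired session does not change the outcome.
function resolveLogoutRedirect({ clientId, returnTo }) {
  const fallback = config.defaultLogoutRedirect;
  if (!returnTo || !clientId) return fallback;

  const app = apps.get(clientId);
  if (!app) return fallback;          // unknown client_id: never trust its returnTo

  const wanted = canonical(returnTo);
  if (!wanted) return fallback;

  // Exact match only: no prefix or substring checks, which are easy to bypass.
  const allowed = app.redirectUris.map(canonical);
  // Return the canonical form, so query string and fragment from the request are dropped.
  return allowed.includes(wanted) ? wanted : fallback;
}
```
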