Track oidc authorizations by app, not client

app/controllers/OpenID.controller.js

@@ -176,7 +176,7 @@ class OpenIDController extends Controller {
                     {
                         text: req.T('common.grant'),
                         action: 'redirect',
-                        next: `/openid/grant-and-save/${params.client_id}/${uid.toLowerCase()}`,
+                        next: `/openid/grant-and-save/${application.id}/${uid.toLowerCase()}`,
                     },
                     {
                         text: req.T('common.grant_once'),
@@ -189,9 +189,9 @@ class OpenIDController extends Controller {
     }
 
     async grant_and_save(req, res, next) {
-        if ( !req.user.has_authorized({ client_id: req.params.client_id }) ) {
+        if ( !req.user.has_authorized({ client_id: req.params.app_id }) ) {
             req.user.authorize({
-                client_id: req.params.client_id,
+                client_id: req.params.app_id,
                 api_scopes: ['openid-connect'],
             })
 

app/routing/routers/openid.routes.js

@@ -7,7 +7,7 @@ const openid = {
     ],
 
     get: {
-        '/grant-and-save/:client_id/:uid': [
+        '/grant-and-save/:app_id/:uid': [
             'middleware::auth:UserOnly', 'controller::OpenID.grant_and_save',
         ],
         '/interaction/:uid': [