Login may redirect to ouath2_authorizations#create which may then redirect to arbitrary schemes if the application is already authorized so we need to allow login to redirect to any scheme. Fixes #3424
Certain controller methods are shared with oauth-based logins, and these have been moved to a concern.
