webadmin: remove the implicit flow

we now use pkce. main advantage is that we don't see the access token
in the url anymore.

in pkce, the auth code by itself is useless: exchanging it for a token also needs the code verifier.

fixes #844
Girish Ramakrishnan
2026-03-14 22:06:17 +05:30
parent dc1449c7b6
commit c15e342bb8
7 changed files with 101 additions and 28 deletions
+2 -1
@@ -5,6 +5,7 @@ import { marked } from 'marked';
import { Button, PasswordInput, FormGroup, TextInput } from '@cloudron/pankow';
import PublicPageLayout from '../components/PublicPageLayout.vue';
import ProfileModel from '../models/ProfileModel.js';
import { startAuthFlow } from '../utils.js';
const profileModel = ProfileModel.create();
@@ -89,7 +90,7 @@ async function onSubmit() {
// set token to autologin on first oidc flow
localStorage.cloudronFirstTimeToken = result.accessToken;
dashboardUrl.value = '/openid/auth?client_id=cid-webadmin&scope=openid email profile&response_type=code token&redirect_uri=' + window.location.origin + '/authcallback.html';
dashboardUrl.value = await startAuthFlow('cid-webadmin', '');
busy.value = false;
mode.value = MODE.DONE;
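Review bot: The setup access token is still written to `localStorage.cloudronFirstTimeToken` on the context line just above the changed assignment, so it stays readable by any script on the origin and persists until something deletes it, even though the token no longer travels in the URL. The code that consumes this key is not in the hunk; confirm it calls `localStorage.removeItem('cloudronFirstTimeToken')` as soon as the first login has used it. Separately, the added `await startAuthFlow('cid-webadmin', '')` runs before `busy.value = false`, so if it rejects and onSubmit (whose body starts and ends outside the hunk) has no surrounding try/catch, the form would stay busy; `try { dashboardUrl.value = await startAuthFlow('cid-webadmin', ''); } finally { busy.value = false; }` would cover that. A one-line comment saying what the empty second argument to startAuthFlow means would also help the next reader.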