- stop using jti, use sid instead
- store amr and auth_time from id_token in session
- log more metadata on login callback
- log session id where possible
- propagate acr, amr, auth_time, sid to upstreams in headers
- log authenticated reverseproxy requests
We use the context from the inbound http.Request, which means that this
error generally occurs due to the user agent disconnecting mid-request.
Skip logging these errors as they're not really actionable.
