OIDC: Invalid error code returned in badAuthRequest
badAuthRequest should return a standard OAuth2 error code instead of "XX may not be called by an authenticated user"
badAuthRequest should return a standard OAuth2 error code instead of "XX may not be called by an authenticated user"