Section 3.1.2 from OpenID Connect core specification
We should redirect when user is not authenticated