Force openid callbacks to use GET to avoid CSRF validation issues