1.1.0-alpha.1

Pre release:

• Add option to disable csrf as this is broken in some scenarios
• encode state parameter with redirect URL in json. This allows journeys to persist through Keycloak OIDC flows and end up in the correct location when the browser is changed mid-flow so cookies are lost (i.e. magic link auth)