Provide consistent API to an authentication strategy and a callback

[aleks-pro]

1. Now you should use the internalRes object to access response (redirect, cookies, ...) in an authentication strategy or a callback

2. You should always return jwt token or throw an exception from callback, so there is no proper way to process an error