core: b2c improvements p1 (#9257)

* add default app and restrict

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* also pass raw email token for custom email templates

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revoke access token when user logs out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remigrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add command to change user types

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* blankable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

website/docs/core/brands.md

@@ -20,3 +20,7 @@ This means that if you want to select a default flow based on policy, you can le
 ## Branding
 
 The brand configuration controls the branding title (shown in website document title and several other places), the sidebar/header logo that appears in the upper left of the product interface, and the favicon on a browser tab.
+
+## External user settings
+
+The **Default application** configuration can be used to redirect external users to an application when they successfully authenticate without being sent from a specific application.