Adapt AuthState format to better fit dns-less scheme

[tmodoux]

When accepting an app access request, register is storing an auth state object similar to:

  status: 'ACCEPTED';
  username: string;
  token: string;

Since these properties will be provided to the client app, it would be nice to provide these as a apiEndpoint (concatenation of username + token + apiUrl).