Prevent probably-unnecessary error in TPA next-URL login code that causes some SafeSession mismatches

[robrap]

We think that when running_pipeline is None, we should probably just skip setting a finish_auth_url and log a warning:

edx-platform/openedx/core/djangoapps/user_authn/views/login.py

Line 586 in fa7ef86

finish_auth_url = pipeline.get_complete_url(backend_name=running_pipeline['backend'])

Theory: When an error is thrown here ('NoneType' object is not subscriptable), the user gets a new, valid session cookie but keeps their old JWT cookies, which causes a mismatch.

We’re not sure whether running_pipeline is expected to sometimes be None, so the warning may not even be appropriate, but we should have a warning here until such time as someone determines that it can be removed.

Note: This was moved here from this 2U private-link ticket.

[robrap]

We think this might be simple to fix, but has not been deemed a high enough priority. I created a starter PR for this: #29853