fix(oauth): omit blank pkce from url when not supported (#21976)

* fix(oauth): omit blank pkce from url when now pkce

* fix(oauth): use spread operator for pkce params

* chore: use first method

---------

Co-authored-by: Your Name <you@example.com>
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>

server/src/repositories/oauth.repository.ts

@@ -29,6 +29,7 @@ export class OAuthRepository {
     );
     const client = await this.getClient(config);
     state ??= randomState();
+
     let codeVerifier: string | null;
     if (codeChallenge) {
       codeVerifier = null;
@@ -36,13 +37,20 @@ export class OAuthRepository {
       codeVerifier = randomPKCECodeVerifier();
       codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
     }
-    const url = buildAuthorizationUrl(client, {
+
+    const params: Record<string, string> = {
       redirect_uri: redirectUrl,
       scope: config.scope,
       state,
-      code_challenge: client.serverMetadata().supportsPKCE() ? codeChallenge : '',
+    };
-      code_challenge_method: client.serverMetadata().supportsPKCE() ? 'S256' : '',
+
-    }).toString();
+    if (client.serverMetadata().supportsPKCE()) {
+      params.code_challenge = codeChallenge;
+      params.code_challenge_method = 'S256';
+    }
+
+    const url = buildAuthorizationUrl(client, params).toString();
+
     return { url, state, codeVerifier };
   }