OAuth2: allow for 'None' auth method to enable pkce code challenge

dao/src/main/java/org/thingsboard/server/dao/oauth2/HybridClientRegistrationRepository.java

@@ -43,6 +43,15 @@ public class HybridClientRegistrationRepository implements ClientRegistrationRep
 
     private ClientRegistration toSpringClientRegistration(OAuth2Client oAuth2Client){
         String registrationId = oAuth2Client.getUuidId().toString();
+
+        // NONE is used if we need pkce-based code challenge
+        ClientAuthenticationMethod authMethod = ClientAuthenticationMethod.NONE;
+        if (oAuth2Client.getClientAuthenticationMethod().equals("POST")) {
+            authMethod = ClientAuthenticationMethod.CLIENT_SECRET_POST;
+        } else if (oAuth2Client.getClientAuthenticationMethod().equals("BASIC")) {
+            authMethod = ClientAuthenticationMethod.CLIENT_SECRET_BASIC;
+        }
+
         return ClientRegistration.withRegistrationId(registrationId)
                 .clientName(oAuth2Client.getName())
                 .clientId(oAuth2Client.getClientId())
@@ -54,8 +63,7 @@ public class HybridClientRegistrationRepository implements ClientRegistrationRep
                 .userInfoUri(oAuth2Client.getUserInfoUri())
                 .userNameAttributeName(oAuth2Client.getUserNameAttributeName())
                 .jwkSetUri(oAuth2Client.getJwkSetUri())
-                .clientAuthenticationMethod(oAuth2Client.getClientAuthenticationMethod().equals("POST") ?
+                .clientAuthenticationMethod(authMethod)
-                        ClientAuthenticationMethod.CLIENT_SECRET_POST : ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                 .redirectUri(defaultRedirectUriTemplate)
                 .build();
     }

ui-ngx/src/app/shared/models/oauth2.models.ts

@@ -69,6 +69,7 @@ export interface OAuth2RegistrationInfo {
 }
 
 export enum ClientAuthenticationMethod {
+  NONE = 'NONE',
   BASIC = 'BASIC',
   POST = 'POST'
 }