PKCE flow leaves out state parameter required by Okta #3575

Open
remi-gelinas opened this issue Feb 26, 2025 · 2 comments

@remi-gelinas

remi-gelinas commented Feb 26, 2025

Checklist

  • [x] I've searched the issue queue to verify this is not a duplicate bug report.
  • [x] I've included steps to reproduce the bug.
  • [x] I've pasted the output of kargo version.
  • [x] I've pasted logs, if applicable.

Description

This is the same issue raised for ArgoCD in argoproj/argo-cd#17217. Per Okta docs, they require a state parameter passed during authorization despite it not technically being required by spec when PKCE is in use.

Steps to Reproduce

Create an Okta OIDC Single Page Application, and enable PKCE. Attempting to authorize with Kargo will return a 400 because the authorization request is missing a state parameter.

Version

{
  "Version": "v1.2.3",
  "BuildDate": "2025-02-19T13:13:42Z",
  "GitCommit": "66b633b77186bd25c49c0618dac3a1379bd1aa3a",
  "GitTreeDirty": false,
  "GoVersion": "go1.23.6",
  "Compiler": "gc",
  "Platform": "linux/amd64"
}

Logs

N/A
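
An added example, not part of the original issue and not Kargo's own code: Go code that builds an authorization request carrying `state` alongside the PKCE parameters, and a callback check that rejects a missing or mismatched `state`. The endpoint, client ID, redirect URI and all function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// randomToken returns n bytes from the CSPRNG, base64url-encoded without padding.
func randomToken(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness available: refuse to continue
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// challengeS256 derives the PKCE code_challenge from the code_verifier (RFC 7636).
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// authorizeURL builds an authorization request that carries both state and PKCE.
func authorizeURL(endpoint, clientID, redirectURI, state, verifier string) string {
	q := url.Values{
		"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirectURI},
		"scope": {"openid"}, "state": {state},
		"code_challenge": {challengeS256(verifier)}, "code_challenge_method": {"S256"},
	}
	return endpoint + "?" + q.Encode()
}

// checkCallback returns the code only if state equals the value stored before the redirect.
func checkCallback(q url.Values, wantState string) (string, error) {
	got := q.Get("state")
	if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(wantState)) != 1 {
		return "", fmt.Errorf("state missing or mismatched")
	}
	return q.Get("code"), nil
}

func main() {
	state, verifier := randomToken(32), randomToken(32) // URLs and IDs below are constructed
	fmt.Println(authorizeURL("https://idp.example.com/authorize", "example-client", "https://app.example.com/login", state, verifier))
	fmt.Println(checkCallback(url.Values{"code": {"abc"}, "state": {state}}, state))
}
```

The `state` value and the `code_verifier` are generated per login attempt and kept client-side until the callback; only the challenge and `state` travel in the request.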

@krancour
Member

#2916 partially addresses this, but hasn't been sufficiently validated.

@remi-gelinas I know you already found that issue and commented on it. I'm just adding this comment to establish the relationship between this issue and that PR. Neither previously made any mention of the other.

@remi-gelinas
Author

Yes, thank you - I did a cursory search for previous issues, but not existing PRs.

Happy to see a fix already proposed, even if it still has to be validated.
