Allowing to connect to an MCP without client secret as mandatory

Looking at the authorizations offered while creating the connection to MCP (Model Context Protocol), all the options related to OAuth ask for a client secret as a mandatory field. While searching on MCP Documentation, the client side must implement a PKCE (Proof Key of Code Exchange) flow; with this flow it's not mandatory to have a client secret to get authorization to interact with the MCP Server. This makes a lot of MCP Servers impossible to connect to OutSystems. Here is the link to the documentation where they explain why the PKCE flow should be mandatory:

https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization#authorization-code-protection


My suggestion here is to make client secret not mandatory.
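
The PKCE exchange the post refers to, as an added example that is not part of the original post and is not OutSystems or MCP project code: a public client builds the authorization and token requests with a `code_verifier`/`code_challenge` pair and no `client_secret`, and the server-side check is shown beside it. The endpoint URL, client ID, redirect URI and function names are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

def b64url(data: bytes) -> str:
    # base64url without padding, as PKCE (RFC 7636) requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_verifier() -> str:
    # 32 random bytes encode to a 43-character verifier (allowed range: 43-128)
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorization_url(endpoint, client_id, redirect_uri, verifier, state):
    # Step 1: only the challenge leaves the client; the verifier stays local
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return endpoint + "?" + urlencode(params)

def token_request_body(client_id, redirect_uri, code, verifier):
    # Step 2: a public client proves possession with code_verifier;
    # there is no client_secret field in this form body
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    # Authorization-server side: recompute the challenge and compare in
    # constant time against the value stored with the authorization code
    return secrets.compare_digest(s256_challenge(presented_verifier), stored_challenge)

if __name__ == "__main__":
    v = new_verifier()
    print(authorization_url("https://mcp.example.com/authorize", "demo-client",
                            "https://app.example.com/callback", v, "constructed-state"))
    print(token_request_body("demo-client", "https://app.example.com/callback", "constructed-code", v))
```
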