fix: Update OAuth implementation

Author: reeshika-h

src/main/java/com/contentstack/cms/models/OAuthConfig.java

@@ -59,15 +59,42 @@ public boolean isPkceEnabled() {
      * @return The authorization endpoint URL
      */
     public String getFormattedAuthorizationEndpoint() {
-        return authEndpoint != null ? authEndpoint : "https://app.contentstack.com/#!/apps/oauth/authorize";
+        if (authEndpoint != null) {
+            return authEndpoint;
+        }
+
+        // Transform hostname similar to JS SDK
+        String hostname = "app.contentstack.com";
+        
+        // Handle environment-specific transformations
+        if (hostname.endsWith("io")) {
+            hostname = hostname.replace("io", "com");
+        }
+        if (hostname.startsWith("api")) {
+            hostname = hostname.replace("api", "app");
+        }
+        
+        return "https://" + hostname + "/#!/apps/oauth/authorize";
     }
 
     /**
      * Gets the formatted token endpoint URL
      * @return The token endpoint URL
      */
     public String getTokenEndpoint() {
-        return tokenEndpoint != null ? tokenEndpoint : "https://app.contentstack.com/apps/oauth/token";
+        if (tokenEndpoint != null) {
+            return tokenEndpoint;
+        }
+
+        // Transform for developer hub
+        String hostname = "developerhub-api.contentstack.com";
+        
+        // Handle environment-specific transformations
+        hostname = hostname
+            .replaceAll("^dev\\d+", "dev")  // Replace dev1, dev2, etc. with dev
+            .replace("io", "com");
+        
+        return "https://" + hostname + "/apps/oauth/token";
     }
 
     /**

src/main/java/com/contentstack/cms/oauth/OAuthHandler.java

@@ -121,8 +121,12 @@ public String authorize() {
                      .append("?app_id=").append(URLEncoder.encode(config.getAppId(), "UTF-8"))
                      .append("&response_type=").append(config.getResponseType())
                      .append("&client_id=").append(URLEncoder.encode(config.getClientId(), "UTF-8"))
-                     .append("&redirect_uri=").append(URLEncoder.encode(config.getRedirectUri(), "UTF-8"))
-                     .append("&state=").append(URLEncoder.encode(this.state, "UTF-8"));
+                     .append("&redirect_uri=").append(URLEncoder.encode(config.getRedirectUri(), "UTF-8"));
+
+            // Add state for CSRF protection (always needed)
+            if (this.state != null) {
+                urlBuilder.append("&state=").append(URLEncoder.encode(this.state, "UTF-8"));
+            }
 
             // Add PKCE parameters if enabled
             if (config.isPkceEnabled()) {