Allow usage without client_secret in refresh token grant for services that only rely on PKCE

[jackyhu-db]

v1.43.0 allows the usage without client_secret for services that only rely on PKCE (e6afdfb), but it did not remove the client_secret check in the token refresh (https://github.com/googleworkspace/apps-script-oauth2/blob/main/src/Service.js#L667), so PKCE without client_secret cannot work with refresh token grant. Can you also remove client_secret validation in the refresh as well?

[anna-romanova]

Running into the same issue with refresh token functionality when using PKCE without setting the client_secret.

[kaitlynsteeves]

+1. Is there an estimated timeframe for when this will be addressed?