Build the application/x-www-form-urlencoded body for the upstream
authorization-code token exchange. Uses the proxy's fixed upstream
client_id, fixed callback redirect_uri, the client-supplied PKCE
code_verifier, and (RFC 8707) resource. For client_secret_post the
upstream secret is appended to the body; for client_secret_basic it is sent
via proxyTokenAuthHeader instead.
Build the application/x-www-form-urlencoded body for the upstream authorization-code token exchange. Uses the proxy's fixed upstream client_id, fixed callback redirect_uri, the client-supplied PKCE code_verifier, and (RFC 8707) resource. For client_secret_post the upstream secret is appended to the body; for client_secret_basic it is sent via proxyTokenAuthHeader instead.