fix: use dynamic port allocation for OAuth server

[frozendevil]

Summary

Replace hardcoded port 8020 with OS-assigned dynamic port to prevent conflicts with other applications. The OAuth server now binds to port 0 by default (when no specific port is provided in redirect URL), allowing the OS to assign an available port automatically.

Changes:

• Modified OAuth flow to bind to dynamic port and use actual assigned port
• Updated default redirect URL to not include hardcoded port

Resolves port conflicts during OAuth authentication flow.

Type of Change

• [ x] Feature

Testing

Unit tests pass.

Manual test:

• Started a python server on port 8020: python3 -m http.server 8020.
• Removed Databricks OAuth token and verified the auth flow from the command line:

$ rm ~/.config/goose/databricks/oauth/fd697cbfcc4c3b9832447a333340aa7ccddd9a1d2c8712ef8b0be1d5a92595b2.json                                                        
$ unset DATABRICKS_TOKEN                                                                                                                                           
$ export GOOSE_DISABLE_KEYRING=true                                                                                                                                
$ ./target/release/goose run --text "hi" --provider databricks --model databricks-claude-sonnet-4                                                                  
starting session | provider: databricks model: databricks-claude-sonnet-4
    session id: 20251006_112018
    working directory: /Users/izzy/Code/goose
Hello! I'm goose, your AI assistant. I'm here to help you with a wide variety of tasks including:

- **Code development** - editing files, running commands, analyzing codebases
- **Computer automation** - controlling applications, web scraping, file processing
- **Task management** - organizing and tracking multi-step projects
- **Data processing** - working with spreadsheets, documents, PDFs
- **System operations** - shell commands, file management, automation scripts

What would you like to work on today? You can describe your task and I'll help break it down and execute it step by step.

If you need help with the interface, here are some useful commands:
- `/help` or `/?` - Display help message
- `/t` - Toggle between Light/Dark/Ansi themes  
- `/exit` or `/quit` - Exit the session
- `Ctrl+C` - Interrupt current interaction
- `Ctrl+J` - Add a newline
- `Up/Down arrows` - Navigate command history
$ 

The login redirect page opened with a URL of http://localhost:61601/?code=dcod7de228f79cd0fecbe7b0955105959de8&state=yYAiqVQQl7AeDrlX, indicating it bound to port 61601. We received a full response indicating that the subsequence communication with Databricks succeeded.

[michaelneale]

nice one - @frozendevil if you can update to main and push to trigger a build, we can get this in. really nice catch! we probably have other places we make this mistake too

[frozendevil]

cool, thanks! The fork is up-to-date now, but I don't have permission to kickoff the workflows

[DOsinga]

this is obviously a good fix! thanks for that.

that said, if you wanted to make it even sharper, I would the added LLM comments, the code should speak for itself. also I would put the url/port processing in get_authorization_url and not rename that thing.

[michaelneale]

I don't hate all the comments:

// If no port is specified (or port is explicitly 0), let the OS assign one

is nice as I always forget you can do that!
(comments are for people that forhget, like me, not those that forever remember like @DOsinga !)

nice one!

[frozendevil]

Yeah, my reasoning for leaving the comments was that the port-0 behavior is something that lots of folks haven't encountered (or have forgotten). I've cleaned up the other comments though.

Re: get_authorization_url—the resolved URL is passed to both get_authorization_url and exchange_code_for_token, so the current spot seemed like the lowest common parent for both of those. Maybe I'm misunderstanding something though?