Tidy OAuth2Provider: drop dead getter and de-duplicate emptiness check

- Remove unused getSetting(); getDestinationAppId/SecretFields cover all callers.
- getDestinationAppId() now returns ?string (null when unset), so the
  destination drops its duplicate isEmptyOAuth2Setting() helper and isConfigured()
  reads as `enabled || appId !== null`.
- Document the PROVIDERS target/key routing so adding a provider is self-explanatory.

Author: premtsd-code

src/Migration/Destinations/Appwrite.php

@@ -3559,7 +3559,7 @@ protected function createOAuth2Provider(OAuth2Provider $resource): bool
         $oAuthProviders = $project->getAttribute('oAuthProviders', []);
 
         $appId = $resource->getDestinationAppId();
-        if (!$this->isEmptyOAuth2Setting($appId)) {
+        if ($appId !== null) {
             $oAuthProviders[$key . 'Appid'] = $appId;
         }
 
@@ -3604,11 +3604,6 @@ private function mergeJsonSecret(string $existing, array $fields): string
         return \json_encode($decoded) ?: '';
     }
 
-    private function isEmptyOAuth2Setting(mixed $value): bool
-    {
-        return $value === null || $value === '' || $value === [];
-    }
-
     /**
      * Direct DB write — SDK policy setters reject `total: 0` but `0` is the
      * storage value for "disabled". Shares the `auths` map with

src/Migration/Resources/Auth/OAuth2/OAuth2Provider.php

@@ -14,7 +14,13 @@ final class OAuth2Provider extends Resource
     private const TARGET_SECRET = 'secret';
 
     /**
-     * Allow-list of readable provider fields that are safe to migrate.
+     * Allow-list of readable provider fields that are safe to migrate, keyed by
+     * provider. Each field declares where it lands on the destination:
+     *  - target `appId`  -> the provider's `{key}Appid` attribute (one per provider)
+     *  - target `secret` -> merged into the `{key}Secret` JSON blob, renamed via `key`
+     *
+     * Anything not listed here (clientSecret, Apple's p8File, …) is never copied,
+     * so a secret field the server may add upstream cannot leak into a migration.
      *
      * @var array<string, array<string, array{target: string, key?: string}>>
      */
@@ -150,17 +156,21 @@ public function getSettings(): array
         return $this->settings;
     }
 
-    public function getSetting(string $field): mixed
-    {
-        return $this->settings[$field] ?? null;
-    }
-
-    public function getDestinationAppId(): mixed
+    /**
+     * Value for the destination's `{key}Appid` attribute (clientId, or serviceId
+     * for Apple). Null when unset, so callers can skip it without a separate
+     * emptiness check.
+     */
+    public function getDestinationAppId(): ?string
     {
         foreach ($this->getDescriptor() as $field => $metadata) {
-            if ($metadata['target'] === self::TARGET_APP_ID && \array_key_exists($field, $this->settings)) {
-                return $this->settings[$field];
+            if ($metadata['target'] !== self::TARGET_APP_ID) {
+                continue;
             }
+
+            $value = $this->settings[$field] ?? null;
+
+            return self::isEmpty($value) ? null : (string) $value;
         }
 
         return null;
@@ -190,7 +200,7 @@ public function getDestinationSecretFields(): array
 
     public function isConfigured(): bool
     {
-        return $this->enabled || !self::isEmpty($this->getDestinationAppId());
+        return $this->enabled || $this->getDestinationAppId() !== null;
     }
 
     /**