Have you had any success with hiding this URL? Also, just to be sure I am understanding correctly, can a screenshot of the where these "recent" WDCs and these URLs are being displayed?
Yes, I have figured out something that works - I have a server-based redirect that rewrites the query string into the hash (so for example http://foo.com?p1=v1 becomes http://foo.com#p1=v1)...tableau does not see differences in the hash as being a different url so it keeps my primary connector url. It's kinda ugly, and I'd think there must be a better way (since every connector that uses oauth2 authcode grant would encounter this), but it works. The "recent WDCs" list I was referring to is just the bottom half of the main WDC dialog, in tableau desktop....see the attached screenshot which shows tableau recording/displaying the transitional oauth urls, which are both ugly and misleading - if the user was click on one of those on a subsequent visit they would likely just get an error. But as I said, it's all good...I've got a working solution.