From 9d12d1d900f30a2eed3a8e60b5e33988758409bf Mon Sep 17 00:00:00 2001
From: Stephen Andary
Date: Thu, 7 Dec 2023 10:36:03 -0500
Subject: [PATCH] feat(op): PKCE Verification in Legacy Server when AuthMethod is not NONE and CodeVerifier is not Empty (#496)

* add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.
* update per Tim's direction
---
 pkg/op/server_legacy.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/op/server_legacy.go b/pkg/op/server_legacy.go
index deb1abc0..a851a2a4 100644
--- a/pkg/op/server_legacy.go
+++ b/pkg/op/server_legacy.go
@@ -205,7 +205,7 @@ func (s *LegacyServer) CodeExchange(ctx context.Context, r *ClientRequest[oidc.A
 if err != nil {
 return nil, err
 }
- if r.Client.AuthMethod() == oidc.AuthMethodNone {
+ if r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != "" {
 if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
 return nil, err
 }
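Review bot: The new condition keys the PKCE check on what the token request sends, not on what the authorization request stored. A client with an auth method other than `oidc.AuthMethodNone` that started the flow with a `code_challenge` can omit `code_verifier` at the token endpoint, and the check is skipped. To keep the code bound to the party that started the flow, the guard should also fire when a challenge was recorded, e.g. `if r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != "" || authReq.GetCodeChallenge() != nil {`. This assumes `GetCodeChallenge` returns nil when no challenge was sent, which the hunk does not show. How `AuthorizeCodeChallenge` treats a verifier with no stored challenge is also not visible here and is worth a test, alongside one for a missing verifier with a stored challenge. `CodeExchange` starts and continues outside the hunk.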