Fix an invalid error description in OpenIddictProvider.Authentication.cs

src/OpenIddict.Core/Infrastructure/OpenIddictProvider.Authentication.cs

@@ -206,13 +206,13 @@ namespace OpenIddict.Infrastructure {
 
                 // Disallow the use of the unsecure code_challenge_method=plain method.
                 // See https://tools.ietf.org/html/rfc7636#section-7.2 for more information.
-                if (context.Request.CodeChallengeMethod == OpenIdConnectConstants.CodeChallengeMethods.Plain) {
+                if (string.Equals(context.Request.CodeChallengeMethod, OpenIdConnectConstants.CodeChallengeMethods.Plain)) {
                     services.Logger.LogError("The authorization request was rejected because the " +
                                              "'code_challenge_method' parameter was set to 'plain'.");
 
                     context.Reject(
                         error: OpenIdConnectConstants.Errors.InvalidRequest,
-                        description: "The specified response_type parameter is not allowed when using PKCE.");
+                        description: "The specified code_challenge_method parameter is not allowed.");
 
                     return;
                 }

test/OpenIddict.Core.Tests/Infrastructure/OpenIddictProviderTests.Authentication.cs

@@ -246,7 +246,7 @@ namespace OpenIddict.Core.Tests.Infrastructure {
 
             // Assert
             Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
-            Assert.Equal("The specified response_type parameter is not allowed when using PKCE.", response.ErrorDescription);
+            Assert.Equal("The specified code_challenge_method parameter is not allowed.", response.ErrorDescription);
         }
 
         [Theory]