Update AttachCodeChallengeMethods to only return code_challenge_methods_supported when the code flow was enabled

7 years ago · 7a1ad7aa2f
1 changed files with 2 additions and 2 deletions
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
@ -681,8 +681,8 @@ namespace OpenIddict.Server
                        throw new ArgumentNullException(nameof(context));
                    }

-                    // Only populate code_challenge_methods_supported if both the authorization and token endpoints are enabled.
-                    if (context.AuthorizationEndpoint != null && context.TokenEndpoint != null)
+                    // Only populate code_challenge_methods_supported if the code flow was enabled.
+                    if (context.GrantTypes.Contains(GrantTypes.AuthorizationCode))
                    {
                        // Note: supporting S256 is mandatory for authorization servers that implement PKCE.
                        // See https://tools.ietf.org/html/rfc7636#section-4.2 for more information.