diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
index 717c9907..ca3df25c 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
@@ -681,8 +681,8 @@ namespace OpenIddict.Server
 throw new ArgumentNullException(nameof(context));
 }
- // Only populate code_challenge_methods_supported if both the authorization and token endpoints are enabled.
- if (context.AuthorizationEndpoint != null && context.TokenEndpoint != null)
+ // Only populate code_challenge_methods_supported if the code flow was enabled.
+ if (context.GrantTypes.Contains(GrantTypes.AuthorizationCode))
 {
 // Note: supporting S256 is mandatory for authorization servers that implement PKCE.
 // See https://tools.ietf.org/html/rfc7636#section-4.2 for more information.
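Review bot: The new condition `context.GrantTypes.Contains(GrantTypes.AuthorizationCode)` depends on `context.GrantTypes` already being filled in when this handler runs, and nothing in the hunk shows where that happens or in what order the discovery handlers execute. If the set is still empty at this point, `code_challenge_methods_supported` is silently left out of the metadata, and clients that consult discovery before sending a `code_challenge` may conclude the server does not support PKCE. I would confirm the handler ordering and record the dependency next to the check, for example `// Note: this handler must run after the one that populates context.GrantTypes.`, and add a test that the discovery document lists S256 whenever the code flow is enabled. The enclosing method starts and ends outside the hunk, so the values actually added inside the `if` block are not visible here.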