From 7a1ad7aa2f69f5c867ffb82ccaccb5fff1bbc680 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Sun, 15 Sep 2019 16:11:39 +0200
Subject: [PATCH] Update AttachCodeChallengeMethods to only return code_challenge_methods_supported when the code flow was enabled
---
 src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
index 717c9907..ca3df25c 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs
@@ -681,8 +681,8 @@ namespace OpenIddict.Server
 throw new ArgumentNullException(nameof(context));
 }
 
- // Only populate code_challenge_methods_supported if both the authorization and token endpoints are enabled.
- if (context.AuthorizationEndpoint != null && context.TokenEndpoint != null)
+ // Only populate code_challenge_methods_supported if the code flow was enabled.
+ if (context.GrantTypes.Contains(GrantTypes.AuthorizationCode))
 {
 // Note: supporting S256 is mandatory for authorization servers that implement PKCE.
 // See https://tools.ietf.org/html/rfc7636#section-4.2 for more information.
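Review bot: The new condition on the `if` line reads `context.GrantTypes`, which is filled in elsewhere, so the result now depends on that set already being populated when this handler runs; the hunk does not show the handler ordering, so this is worth confirming. If the set were still empty at this point, `code_challenge_methods_supported` would be silently left out of the discovery document, and clients that rely on it to decide whether to send an S256 challenge may stop using PKCE. I would state the dependency in a comment above the check, e.g. `// Note: context.GrantTypes must already be populated, so the handler that attaches the grant types has to run before this one.` The diffstat shows this as the only file changed, so a discovery test covering both cases (code flow enabled and disabled) would be worth adding. The enclosing method starts and ends outside the hunk.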