From 8e86a8e01e09aeb714ee86583880b7a7c4276be0 Mon Sep 17 00:00:00 2001
From: Mark Laing
Date: Wed, 4 Jun 2025 10:26:17 +0100
Subject: [PATCH] pkg/client/rp: Update PKCE logic to pass request if required by cookie handler.
Signed-off-by: Mark Laing
---
pkg/client/rp/relying_party.go | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkg/client/rp/relying_party.go b/pkg/client/rp/relying_party.go
index 3cd8db1..93c5dd0 100644
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@@ -415,7 +415,14 @@ func AuthURLHandler(stateFn func() string, rp RelyingParty, urlParam ...URLParam
 return
 }
 if rp.IsPKCE() {
- codeChallenge, err := GenerateAndStoreCodeChallenge(w, rp)
+ var codeChallenge string
+ var err error
+ if rp.CookieHandler().IsRequestAware() {
+ codeChallenge, err = GenerateAndStoreCodeChallengeWithRequest(r, w, rp)
+ } else {
+ codeChallenge, err = GenerateAndStoreCodeChallenge(w, rp)
+ }
+
 if err != nil {
 unauthorizedError(w, r, "failed to create code challenge: "+err.Error(), state, rp)
 return
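Review bot: The `rp.CookieHandler().IsRequestAware()` dispatch exists only at this call site in AuthURLHandler, so a direct caller of the exported `GenerateAndStoreCodeChallenge(w, rp)` with a request-aware cookie handler still takes the request-less path, and what that does is not visible in this hunk. Because the stored PKCE value is what ties the callback to the browser that started the flow, it would be more robust to make the choice inside one helper, or to have the request-less function return an error when the handler is request-aware, so the two storage paths cannot drift. The diffstat shows only relying_party.go changing, so the new branch has no test; one that drives AuthURLHandler with a request-aware handler and then reads the cookie back on the callback side would confirm that writer and reader agree on the cookie's attributes. A one-line comment above the `if`, for example `// request-aware cookie handlers need r to store the PKCE cookie`, would also explain why there are two calls. AuthURLHandler's body starts and ends outside the hunk.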