From af0de4632e3cb293d52495a01ae51f334cf62dd3 Mon Sep 17 00:00:00 2001
From: Stephen Andary
Date: Tue, 5 Dec 2023 14:15:41 -0500
Subject: [PATCH] add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.

---
 pkg/op/server_legacy.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/op/server_legacy.go b/pkg/op/server_legacy.go
index deb1abc..165cf52 100644
--- a/pkg/op/server_legacy.go
+++ b/pkg/op/server_legacy.go
@@ -205,10 +205,15 @@ func (s *LegacyServer) CodeExchange(ctx context.Context, r *ClientRequest[oidc.A
 if err != nil {
 return nil, err
 }
+ if r.Client.AuthMethod() == oidc.AuthMethodNone {
 if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
 return nil, err
 }
+ } else if r.Data.CodeVerifier != "" {
+ if err = AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge()); err != nil {
+ return nil, err
+ }
 }
 resp, err := CreateTokenResponse(ctx, authReq, r.Client, s.provider, true, r.Data.Code, "")
 if err != nil {
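Review bot: The new `else if r.Data.CodeVerifier != ""` branch still lets a client whose auth method is not `oidc.AuthMethodNone` bypass PKCE by simply omitting code_verifier, even when the authorization request bound a code_challenge to this code; RFC 7636 §4.6 requires the server to reject the exchange in that case, so the guard should also be driven by the stored challenge, not only by the client type and the presence of a verifier. Both branches call `AuthorizeCodeChallenge(r.Data.CodeVerifier, authReq.GetCodeChallenge())` with identical arguments, so they fold into a single condition: `if r.Client.AuthMethod() == oidc.AuthMethodNone || r.Data.CodeVerifier != "" || authReq.GetCodeChallenge() != nil {` (this assumes `GetCodeChallenge` returns a nil-able pointer — confirm against the `AuthRequest` interface and compare with its empty value otherwise). A one-line comment above the guard, e.g. `// PKCE is required for public clients and whenever the authorization request bound a code_challenge to this code.`, would record why the three conditions are combined. `CodeExchange` begins and ends outside this hunk.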