From d180978b3503b391b104b282eb9cb0eea5534818 Mon Sep 17 00:00:00 2001
From: Diego Parisi
Date: Wed, 2 Aug 2023 12:07:31 +0200
Subject: [PATCH] Delete PKCE cookie after code exchange
---
 pkg/client/rp/relying_party.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/client/rp/relying_party.go b/pkg/client/rp/relying_party.go
index 114599d..051b8c8 100644
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@@ -438,6 +438,7 @@ func CodeExchangeHandler[C oidc.IDClaims](callback CodeExchangeCallback[C], rp R
 return
 }
 codeOpts = append(codeOpts, WithCodeVerifier(codeVerifier))
+ rp.CookieHandler().DeleteCookie(w, pkceCode)
 }
 if rp.Signer() != nil {
 assertion, err := client.SignedJWTProfileAssertion(rp.OAuthConfig().ClientID, []string{rp.Issuer()}, time.Hour, rp.Signer())
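Review bot: The added `rp.CookieHandler().DeleteCookie(w, pkceCode)` runs as soon as the verifier has been read, ahead of the signer block that follows in this hunk, while the subject says "after code exchange", and no comment says which is intended. Clearing it up front looks right, since a PKCE verifier is single-use and the Set-Cookie header presumably has to be set before the callback writes the response. I would pin that with `// the PKCE verifier is single-use: clear its cookie once read, before anything writes the response`. The `return` at the top of the hunk, apparently the branch for a verifier cookie that could not be read, still exits without clearing it, so a rejected cookie would stay in the browser until it expires; consider calling `DeleteCookie` there as well. The body of CodeExchangeHandler starts and ends outside the hunk, so its other early returns are not visible here.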