From 24052130ee91d31405b8f15d4d2bbdb22b493f6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Tue, 25 May 2021 16:52:37 +0200
Subject: [PATCH] Update the PKCE documentation to indicate how to enable
 code_challenge_method=plain support

---
 configuration/proof-key-for-code-exchange.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/configuration/proof-key-for-code-exchange.md b/configuration/proof-key-for-code-exchange.md
index 6fabc0d..d600388 100644
--- a/configuration/proof-key-for-code-exchange.md
+++ b/configuration/proof-key-for-code-exchange.md
@@ -52,4 +52,17 @@ await manager.CreateAsync(new OpenIddictApplicationDescriptor
         Requirements.Features.ProofKeyForCodeExchange
     }
 });
+```
+
+## Enabling `code_challenge_method=plain` support
+
+By default, OpenIddict only supports `code_challenge_method=S256`, which is the safest code challenge method and the only one required by the PKCE specification.
+While not recommended, support for the `code_challenge_method=plain` method can be manually enabled by adding it to `OpenIddictServerOptions.CodeChallengeMethods`:
+
+```csharp
+services.AddOpenIddict()
+    .AddServer(options =>
+    {
+        options.Configure(options => options.CodeChallengeMethods.Add(CodeChallengeMethods.Plain));
+    });
 ```
\ No newline at end of file