diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
index baf3948d505f8a931a96bed8c64def33d086d2f7..563a4030bf67c25228eb30b508876821e179be99 100644
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@@ -185,6 +185,10 @@ func testAuthCodeCRUD(t *testing.T, s storage.Storage) {
Expiry: neverExpire,
ConnectorID: "ldap",
ConnectorData: []byte(`{"some":"data"}`),
+ PKCE: storage.PKCE{
+ CodeChallenge: "12345",
+ CodeChallengeMethod: "Whatever",
+ },
Claims: storage.Claims{
UserID: "1",
Username: "jane",
diff --git a/storage/etcd/etcd.go b/storage/etcd/etcd.go
index e8abe3d08fb570ce79a2f43a39c6258cf6fdf17f..6f320e22fde2a6317573275db0c7f4f1e2cbfc6e 100644
--- a/storage/etcd/etcd.go
+++ b/storage/etcd/etcd.go
@@ -156,7 +156,11 @@ func (c *conn) CreateAuthCode(a storage.AuthCode) error {
func (c *conn) GetAuthCode(id string) (a storage.AuthCode, err error) {
ctx, cancel := context.WithTimeout(context.Background(), defaultStorageTimeout)
defer cancel()
- err = c.getKey(ctx, keyID(authCodePrefix, id), &a)
+ var ac AuthCode
+ err = c.getKey(ctx, keyID(authCodePrefix, id), &ac)
+ if err == nil {
+ a = toStorageAuthCode(ac)
+ }
return a, err
}
diff --git a/storage/etcd/types.go b/storage/etcd/types.go
index 22e083afe55540d66445a8ff181cb0fb2fd6beae..f2ffd9f7026988312322f64f35e160b041bc8dd4 100644
--- a/storage/etcd/types.go
+++ b/storage/etcd/types.go
@@ -26,6 +26,24 @@ type AuthCode struct {
CodeChallengeMethod string `json:"code_challenge_method,omitempty"`
}
+func toStorageAuthCode(a AuthCode) storage.AuthCode {
+ return storage.AuthCode{
+ ID: a.ID,
+ ClientID: a.ClientID,
+ RedirectURI: a.RedirectURI,
+ ConnectorID: a.ConnectorID,
+ ConnectorData: a.ConnectorData,
+ Nonce: a.Nonce,
+ Scopes: a.Scopes,
+ Claims: toStorageClaims(a.Claims),
+ Expiry: a.Expiry,
+ PKCE: storage.PKCE{
+ CodeChallenge: a.CodeChallenge,
+ CodeChallengeMethod: a.CodeChallengeMethod,
+ },
+ }
+}
+
func fromStorageAuthCode(a storage.AuthCode) AuthCode {
return AuthCode{
ID: a.ID,