diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 7d6ae8dd5b1af20b9f83f786a364669c71fa3ca0..9b061dc9f5140d3e432563d16c73331557c3fa35 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -62,6 +62,7 @@ type UserMatcher struct {
 	GroupAttr string `json:"groupAttr"`
 }
 
+// Config holds configuration options for LDAP logins.
 type Config struct {
 	// The host and optional port of the LDAP server. If port isn't supplied, it will be
 	// guessed based on the TLS configuration. 389 or 636.
diff --git a/server/handlers.go b/server/handlers.go
index 342849ee1b1a170bb6514db5515dbb32ee112582..5a7244faaa86b34d6a0d9b2973d84027786b983f 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -820,7 +820,8 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
 	codeChallengeFromStorage := authCode.PKCE.CodeChallenge
 	providedCodeVerifier := r.PostFormValue("code_verifier")
 
-	if providedCodeVerifier != "" && codeChallengeFromStorage != "" {
+	switch {
+	case providedCodeVerifier != "" && codeChallengeFromStorage != "":
 		calculatedCodeChallenge, err := s.calculateCodeChallenge(providedCodeVerifier, authCode.PKCE.CodeChallengeMethod)
 		if err != nil {
 			s.logger.Error(err)
@@ -831,11 +832,11 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
 			s.tokenErrHelper(w, errInvalidGrant, "Invalid code_verifier.", http.StatusBadRequest)
 			return
 		}
-	} else if providedCodeVerifier != "" {
+	case providedCodeVerifier != "":
 		// Received no code_challenge on /auth, but a code_verifier on /token
 		s.tokenErrHelper(w, errInvalidRequest, "No PKCE flow started. Cannot check code_verifier.", http.StatusBadRequest)
 		return
-	} else if codeChallengeFromStorage != "" {
+	case codeChallengeFromStorage != "":
 		// Received PKCE request on /auth, but no code_verifier on /token
 		s.tokenErrHelper(w, errInvalidGrant, "Expecting parameter code_verifier in PKCE flow.", http.StatusBadRequest)
 		return