dexidp · sagikazarmark · Jan 13, 2021 · Jan 5, 2021 · Jan 5, 2021
diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
@@ -185,6 +185,10 @@ func testAuthCodeCRUD(t *testing.T, s storage.Storage) {
 		Expiry:        neverExpire,
 		ConnectorID:   "ldap",
 		ConnectorData: []byte(`{"some":"data"}`),
+		PKCE: storage.PKCE{
+			CodeChallenge:       "12345",
+			CodeChallengeMethod: "Whatever",
+		},
 		Claims: storage.Claims{
 			UserID:        "1",
 			Username:      "jane",

diff --git a/storage/etcd/etcd.go b/storage/etcd/etcd.go
@@ -156,7 +156,11 @@ func (c *conn) CreateAuthCode(a storage.AuthCode) error {
 func (c *conn) GetAuthCode(id string) (a storage.AuthCode, err error) {
 	ctx, cancel := context.WithTimeout(context.Background(), defaultStorageTimeout)
 	defer cancel()
-	err = c.getKey(ctx, keyID(authCodePrefix, id), &a)
+	var ac AuthCode
+	err = c.getKey(ctx, keyID(authCodePrefix, id), &ac)
+	if err == nil {
+		a = toStorageAuthCode(ac)
+	}
 	return a, err
 }
 

diff --git a/storage/etcd/types.go b/storage/etcd/types.go
@@ -26,6 +26,24 @@ type AuthCode struct {
 	CodeChallengeMethod string `json:"code_challenge_method,omitempty"`
 }
 
+func toStorageAuthCode(a AuthCode) storage.AuthCode {
+	return storage.AuthCode{
+		ID:            a.ID,
+		ClientID:      a.ClientID,
+		RedirectURI:   a.RedirectURI,
+		ConnectorID:   a.ConnectorID,
+		ConnectorData: a.ConnectorData,
+		Nonce:         a.Nonce,
+		Scopes:        a.Scopes,
+		Claims:        toStorageClaims(a.Claims),
+		Expiry:        a.Expiry,
+		PKCE: storage.PKCE{
+			CodeChallenge:       a.CodeChallenge,
+			CodeChallengeMethod: a.CodeChallengeMethod,
+		},
+	}
+}
+
 func fromStorageAuthCode(a storage.AuthCode) AuthCode {
 	return AuthCode{
 		ID:                  a.ID,