From 451359dc4d87885f8f41ed14f37b10fb704706af Mon Sep 17 00:00:00 2001
From: Danilo Reyes <danilo.reyes.251@proton.me>
Date: Wed, 10 Dec 2025 04:40:01 -0600
Subject: [PATCH] Add code-challenge-method to oauth2-proxy configuration for
 enhanced security compliance

---
 modules/servers/oauth2-proxy.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/servers/oauth2-proxy.nix b/modules/servers/oauth2-proxy.nix
index 33c8511..21b33c6 100644
--- a/modules/servers/oauth2-proxy.nix
+++ b/modules/servers/oauth2-proxy.nix
@@ -44,6 +44,7 @@ in
         auth-logging = true;
         session-store-type = "cookie";
         skip-provider-button = true;
+        code-challenge-method = "S256";
       };
     };
   };