diff --git a/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java b/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
index fdc57d6..b9a65a2 100644
--- a/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
+++ b/src/test/java/com/ysoft/geecon/AuthCodeGrantTest.java
@@ -69,4 +69,24 @@ public class AuthCodeGrantTest {
 
         assertThat(flow.getAccessToken(), is(notNullValue()));
     }
+
+    @Test
+    public void authCodeGrantWithPkce() throws IOException {
+        AuthorizationCodeFlow flow = new AuthorizationCodeFlow(authUrl, CLIENT);
+        flow.setPkce("PnRLncOTibrwxaBmBYm4QC89u0m4mz518sk1WFKjxnc", "bbb");
+        LoginScreen loginScreen = flow.start(Map.of("scope", "scope1 scope2"));
+
+        ConsentScreen consentScreen = loginScreen.submitCorrect("bob", "password");
+        assertThat(consentScreen.getScopes(), is(List.of("scope1", "scope2")));
+
+        Document submit = consentScreen.submit();
+        flow.parseAndValidateRedirect(submit.connection().response());
+
+        assertThat(flow.getCode(), is(notNullValue()));
+        assertThat(flow.getAccessToken(), is(nullValue()));
+        flow.exchangeCode();
+
+        assertThat(flow.getAccessToken(), is(notNullValue()));
+
+    }
 }
\ No newline at end of file
diff --git a/src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java b/src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
index 9c86d04..e87e5ab 100644
--- a/src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
+++ b/src/test/java/com/ysoft/geecon/helpers/AuthorizationCodeFlow.java
@@ -25,6 +25,8 @@ public class AuthorizationCodeFlow {
     private final String authUrl;
     private final OAuthClient client;
     private String state = "testStateIsNotRandom";
+    private String codeChallenge;
+    private String codeVerifier;
     private String code;
     private String accessToken;
     private String idToken;
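Review bot: authCodeGrantWithPkce exercises only the success path, so it cannot distinguish a server that verifies the S256 challenge from one that ignores code_challenge altogether; it should be paired with a test that sends a mismatched code_verifier and asserts that the /auth/token exchange is rejected (how a non-2xx response surfaces depends on exchangeCode's response handling in AuthorizationCodeFlow, which lies outside this diff). The hard-coded verifier "bbb" is also far below the 43-character minimum that RFC 7636 §4.1 sets for code_verifier, so a server enforcing that rule will fail this test and one that does not is being exercised with non-conforming input; a verifier of 43 or more unreserved characters avoids both. Since the challenge literal has to be kept in step with the verifier by hand, the setPkce call deserves a comment such as `// S256 (base64url SHA-256) of the verifier that follows; regenerate both together`.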
@@ -52,6 +54,10 @@ public class AuthorizationCodeFlow {
         map.put("client_id", client.clientId());
         map.put("redirect_uri", client.redirectUri());
         map.put("state", state);
+        if (codeChallenge != null) {
+            map.put("code_challenge", codeChallenge);
+            map.put("code_challenge_method", "S256");
+        }
         return map;
     }
 
@@ -71,11 +77,17 @@ public class AuthorizationCodeFlow {
     }
 
     public AccessTokenResponse exchangeCode() {
+        Map tokenForm = new HashMap<>();
+        tokenForm.put("grant_type", "authorization_code");
+        tokenForm.put("client_id", client.clientId());
+        tokenForm.put("redirect_uri", client.redirectUri());
+        tokenForm.put("code", code);
+        if (codeVerifier != null) {
+            tokenForm.put("code_verifier", codeVerifier);
+        }
+
         AccessTokenResponse accessTokenResponse = given()
-                .formParam("grant_type", "authorization_code")
-                .formParam("client_id", client.clientId())
-                .formParam("redirect_uri", client.redirectUri())
-                .formParam("code", code)
+                .formParams(tokenForm)
                 .when()
                 .post("/auth/token")
                 .then()
@@ -106,4 +118,9 @@ public class AuthorizationCodeFlow {
     public String getIdToken() {
         return idToken;
     }
+
+    public void setPkce(String codeChallenge, String codeVerifier) {
+        this.codeChallenge = codeChallenge;
+        this.codeVerifier = codeVerifier;
+    }
 }
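Review bot: `Map tokenForm = new HashMap<>();` at the top of exchangeCode is a raw type, so the diamond infers HashMap<Object, Object> and every put on the following lines is unchecked; declare it `Map<String, String> tokenForm = new HashMap<>();`. The same hunk now places `code` into the map unconditionally, so calling exchangeCode before parseAndValidateRedirect has set it sends a form whose "code" value is null (how RestAssured encodes that is not visible here); a `Objects.requireNonNull(code, "code – call parseAndValidateRedirect first");` ahead of the puts would fail with a clear message instead of an opaque token-endpoint error. The rest of exchangeCode's body continues past the end of the hunk.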
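Review bot: setPkce takes the challenge and the verifier as two unrelated strings, so every caller has to compute the S256 transform by hand and nothing in the helper checks that the pair is consistent; a mismatch surfaces only as a failure at the token endpoint with no hint of the cause. An overload that derives the challenge from the verifier (SHA-256 over the ASCII verifier, Base64url without padding, per RFC 7636 §4.2) lets a test supply a single verifier, while the existing two-argument form remains available for a test that deliberately sends a non-matching pair. The overload needs java.security.MessageDigest, java.nio.charset.StandardCharsets and java.util.Base64, whose import block is outside this diff. Both methods should carry a Javadoc summary, e.g. `/** Enables PKCE: the challenge is sent with the authorization request, the verifier with the token exchange. */`.
```java
    // … unchanged: setPkce(String codeChallenge, String codeVerifier) …

    /** Enables PKCE with the S256 method, deriving the challenge from {@code codeVerifier} (RFC 7636 §4.2). */
    public void setPkce(String codeVerifier) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
            setPkce(Base64.getUrlEncoder().withoutPadding().encodeToString(digest), codeVerifier);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is a mandatory algorithm in every Java runtime, so this cannot happen in practice
            throw new IllegalStateException("SHA-256 MessageDigest not available", e);
        }
    }
```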