stacklok
diff --git a/‎docs/server/docs.go‎
Lines changed: 1 addition & 1 deletion b/‎docs/server/docs.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/server/swagger.json‎
Lines changed: 1 addition & 1 deletion b/‎docs/server/swagger.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/server/swagger.yaml‎
Lines changed: 14 additions & 9 deletions b/‎docs/server/swagger.yaml‎
Lines changed: 14 additions & 9 deletions
diff --git a/‎pkg/api/v1/workload_service.go‎
Lines changed: 2 additions & 0 deletions b/‎pkg/api/v1/workload_service.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/api/v1/workload_types.go‎
Lines changed: 1 addition & 0 deletions b/‎pkg/api/v1/workload_types.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/api/v1/workloads_types_test.go‎
Lines changed: 2 additions & 0 deletions b/‎pkg/api/v1/workloads_types_test.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/runner/config.go‎
Lines changed: 14 additions & 13 deletions b/‎pkg/runner/config.go‎
Lines changed: 14 additions & 13 deletions
@@ -167,6 +167,7 @@ func (s *WorkloadService) BuildFullRunConfig(ctx context.Context, req *createReq
 					Issuer:       remoteServerMetadata.OAuthConfig.Issuer,
 					AuthorizeURL: remoteServerMetadata.OAuthConfig.AuthorizeURL,
 					TokenURL:     remoteServerMetadata.OAuthConfig.TokenURL,
+					UsePKCE:      remoteServerMetadata.OAuthConfig.UsePKCE,
 					OAuthParams:  remoteServerMetadata.OAuthConfig.OAuthParams,
 					Headers:      remoteServerMetadata.Headers,
 					EnvVars:      remoteServerMetadata.EnvVars,
@@ -270,6 +271,7 @@ func createRequestToRemoteAuthConfig(
 		Issuer:       req.OAuthConfig.Issuer,
 		AuthorizeURL: req.OAuthConfig.AuthorizeURL,
 		TokenURL:     req.OAuthConfig.TokenURL,
+		UsePKCE:      req.OAuthConfig.UsePKCE,
 		OAuthParams:  req.OAuthConfig.OAuthParams,
 		CallbackPort: req.OAuthConfig.CallbackPort,
 		SkipBrowser:  req.OAuthConfig.SkipBrowser,
 
@@ -207,6 +207,7 @@ func runConfigToCreateRequest(runConfig *runner.RunConfig) *createRequest {
 			TokenURL:     runConfig.RemoteAuthConfig.TokenURL,
 			ClientID:     runConfig.RemoteAuthConfig.ClientID,
 			Scopes:       runConfig.RemoteAuthConfig.Scopes,
+			UsePKCE:      runConfig.RemoteAuthConfig.UsePKCE,
 			OAuthParams:  runConfig.RemoteAuthConfig.OAuthParams,
 			CallbackPort: runConfig.RemoteAuthConfig.CallbackPort,
 			SkipBrowser:  runConfig.RemoteAuthConfig.SkipBrowser,
 
@@ -158,6 +158,7 @@ func TestRunConfigToCreateRequest(t *testing.T) {
 				TokenURL:     "https://oauth.example.com/token",
 				ClientID:     "test-client",
 				Scopes:       []string{"read", "write"},
+				UsePKCE:      true,
 				OAuthParams:  map[string]string{"custom": "param"},
 				CallbackPort: 8081,
 			},
@@ -172,6 +173,7 @@ func TestRunConfigToCreateRequest(t *testing.T) {
 		assert.Equal(t, "https://oauth.example.com/token", result.OAuthConfig.TokenURL)
 		assert.Equal(t, "test-client", result.OAuthConfig.ClientID)
 		assert.Equal(t, []string{"read", "write"}, result.OAuthConfig.Scopes)
+		assert.True(t, result.OAuthConfig.UsePKCE)
 		assert.Equal(t, map[string]string{"custom": "param"}, result.OAuthConfig.OAuthParams)
 		assert.Equal(t, 8081, result.OAuthConfig.CallbackPort)
 	})
 
@@ -438,27 +438,28 @@ func LoadState(ctx context.Context, name string) (*RunConfig, error) {
 
 // RemoteAuthConfig holds configuration for remote authentication
 type RemoteAuthConfig struct {
-	ClientID         string
-	ClientSecret     string
-	ClientSecretFile string
-	Scopes           []string
-	SkipBrowser      bool
-	Timeout          time.Duration `swaggertype:"string" example:"5m"`
-	CallbackPort     int
+	ClientID         string        `json:"client_id,omitempty" yaml:"client_id,omitempty"`
+	ClientSecret     string        `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`
+	ClientSecretFile string        `json:"client_secret_file,omitempty" yaml:"client_secret_file,omitempty"`
+	Scopes           []string      `json:"scopes,omitempty" yaml:"scopes,omitempty"`
+	SkipBrowser      bool          `json:"skip_browser,omitempty" yaml:"skip_browser,omitempty"`
+	Timeout          time.Duration `json:"timeout,omitempty" yaml:"timeout,omitempty" swaggertype:"string" example:"5m"`
+	CallbackPort     int           `json:"callback_port,omitempty" yaml:"callback_port,omitempty"`
+	UsePKCE          bool          `json:"use_pkce" yaml:"use_pkce"`
 
 	// OAuth endpoint configuration (from registry)
-	Issuer       string
-	AuthorizeURL string
-	TokenURL     string
+	Issuer       string `json:"issuer,omitempty" yaml:"issuer,omitempty"`
+	AuthorizeURL string `json:"authorize_url,omitempty" yaml:"authorize_url,omitempty"`
+	TokenURL     string `json:"token_url,omitempty" yaml:"token_url,omitempty"`
 
 	// Headers for HTTP requests
-	Headers []*registry.Header
+	Headers []*registry.Header `json:"headers,omitempty" yaml:"headers,omitempty"`
 
 	// Environment variables for the client
-	EnvVars []*registry.EnvVar
+	EnvVars []*registry.EnvVar `json:"env_vars,omitempty" yaml:"env_vars,omitempty"`
 
 	// OAuth parameters for server-specific customization
-	OAuthParams map[string]string
+	OAuthParams map[string]string `json:"oauth_params,omitempty" yaml:"oauth_params,omitempty"`
 }
 
 // ToolOverride represents a tool override.