diff --git a/lib/puppet/provider/keycloak_client/kcadm.rb b/lib/puppet/provider/keycloak_client/kcadm.rb
index a1630b92..5decba0c 100644
--- a/lib/puppet/provider/keycloak_client/kcadm.rb
+++ b/lib/puppet/provider/keycloak_client/kcadm.rb
@@ -21,7 +21,8 @@ def attributes_properties
       :saml_client_signature,
       :saml_signing_certificate,
       :saml_encryption_certificate,
-      :saml_signing_private_key
+      :saml_signing_private_key,
+      :pkce_code_challenge_method
     ]
   end
 
@@ -34,7 +35,8 @@ def dot_attributes_properties
       :saml_client_signature,
       :saml_signing_certificate,
       :saml_encryption_certificate,
-      :saml_signing_private_key
+      :saml_signing_private_key,
+      :pkce_code_challenge_method
     ]
   end
 
diff --git a/lib/puppet/type/keycloak_client.rb b/lib/puppet/type/keycloak_client.rb
index 2ce969be..7c3098a6 100644
--- a/lib/puppet/type/keycloak_client.rb
+++ b/lib/puppet/type/keycloak_client.rb
@@ -245,6 +245,12 @@ def insync?(is)
     defaultto []
   end
 
+  newproperty(:pkce_code_challenge_method) do
+    desc 'PKCE Code Challenge Method for OAuth 2.0 flows'
+    newvalues('S256', 'plain', :absent)
+    defaultto :absent
+  end
+
   autorequire(:keycloak_client_scope) do
     requires = []
     catalog.resources.each do |resource|