diff --git a/apps/web/src/auth/providers/oidc.ts b/apps/web/src/auth/providers/oidc.ts
index c7732e896..c22795291 100644
--- a/apps/web/src/auth/providers/oidc.ts
+++ b/apps/web/src/auth/providers/oidc.ts
@@ -19,7 +19,7 @@ export const OIDCProvider = () => {
       clientId: process.env.OIDC_CLIENT_ID,
       clientSecret: process.env.OIDC_CLIENT_SECRET,
       idToken: true,
-      checks: ["state"],
+      checks: ["pkce", "state"],
       allowDangerousEmailAccountLinking: true,
       profile(profile) {
         return {