ChimeHQ · mattmassicotte · Jun 16, 2026 · Jun 13, 2026
diff --git a/Sources/OAuthenticator/Authenticator.swift b/Sources/OAuthenticator/Authenticator.swift
@@ -309,7 +309,7 @@ extension Authenticator {
 
 		let authConfig = TokenHandling.AuthorizationURLParameters(
 			credentials: config.appCredentials,
-			pcke: config.tokenHandling.pkce,
+			pkce: config.tokenHandling.pkce,
 			parRequestURI: parRequestURI,
 			stateToken: stateToken,
 			responseProvider: { try await self.dpopResponse(for: $0, login: nil, isAuthServer: true) }
@@ -327,7 +327,7 @@ extension Authenticator {
 			redirectURL: callbackURL,
 			responseProvider: { try await self.dpopResponse(for: $0, login: nil, isAuthServer: true) },
 			stateToken: stateToken,
-			pcke: config.tokenHandling.pkce
+			pkce: config.tokenHandling.pkce
 		)
 
 		let login = try await config.tokenHandling.loginProvider(params)

diff --git a/Sources/OAuthenticator/Models.swift b/Sources/OAuthenticator/Models.swift
@@ -134,7 +134,7 @@ public struct TokenHandling: Sendable {
 
 	public struct AuthorizationURLParameters: Sendable {
 		public let credentials: AppCredentials
-		public let pcke: PKCEVerifier?
+		public let pkce: PKCEVerifier?
 		public let parRequestURI: String?
 		public let stateToken: String
 		public let responseProvider: URLResponseProvider
@@ -146,22 +146,22 @@ public struct TokenHandling: Sendable {
 		public let redirectURL: URL
 		public let responseProvider: URLResponseProvider
 		public let stateToken: String
-		public let pcke: PKCEVerifier?
+		public let pkce: PKCEVerifier?
 
 		public init(
 			authorizationURL: URL,
 			credentials: AppCredentials,
 			redirectURL: URL,
 			responseProvider: @escaping URLResponseProvider,
 			stateToken: String,
-			pcke: PKCEVerifier?
+			pkce: PKCEVerifier?
 		) {
 			self.authorizationURL = authorizationURL
 			self.credentials = credentials
 			self.redirectURL = redirectURL
 			self.responseProvider = responseProvider
 			self.stateToken = stateToken
-			self.pcke = pcke
+			self.pkce = pkce
 		}
 	}
 

diff --git a/Sources/OAuthenticator/Services/Bluesky.swift b/Sources/OAuthenticator/Services/Bluesky.swift
@@ -148,7 +148,7 @@ public enum Bluesky {
 				throw AuthenticatorError.issuingServerMismatch(iss, server.issuer)
 			}
 
-			guard let verifier = params.pcke?.verifier else {
+			guard let verifier = params.pkce?.verifier else {
 				throw AuthenticatorError.pkceRequired
 			}
 

diff --git a/Tests/OAuthenticatorTests/BlueskyTests.swift b/Tests/OAuthenticatorTests/BlueskyTests.swift
@@ -53,7 +53,7 @@ struct BlueskyTests {
 			redirectURL: URL(string: "app.test://callback?code=123&state=state&iss=this_is_incorrect")!,
 			responseProvider: provider,
 			stateToken: "state",
-			pcke: verifier
+			pkce: verifier
 		)
 
 		await #expect(throws: AuthenticatorError.issuingServerMismatch("this_is_incorrect", "https://server-metadata.test")) {
@@ -113,7 +113,7 @@ struct BlueskyTests {
 			redirectURL: URL(string: "app.test:/callback?code=123&state=state&iss=https://server-metadata.test")!,
 			responseProvider: provider,
 			stateToken: "state",
-			pcke: verifier
+			pkce: verifier
 		)
 
 		await #expect(throws: AuthenticatorError.tokenInvalid) {

diff --git a/Tests/OAuthenticatorTests/GoogleTests.swift b/Tests/OAuthenticatorTests/GoogleTests.swift
@@ -42,7 +42,7 @@ struct GoogleTests {
         // Validate URL is properly constructed
 		let params = TokenHandling.AuthorizationURLParameters(
 			credentials: creds,
-			pcke: nil,
+			pkce: nil,
 			parRequestURI: nil,
 			stateToken: "unused",
 			responseProvider: provider
@@ -79,7 +79,7 @@ struct GoogleTests {
         // Validate URL is properly constructed
 		let params = TokenHandling.AuthorizationURLParameters(
 			credentials: creds,
-			pcke: nil,
+			pkce: nil,
 			parRequestURI: nil,
 			stateToken: "unused",
 			responseProvider: provider