
chore: fix casing of OAuth
balazsorban44 committed Dec 11, 2020
1 parent be159b1 commit 8331370
Showing 7 changed files with 21 additions and 21 deletions.
2 changes: 1 addition & 1 deletion src/lib/errors.js
Expand Up @@ -25,7 +25,7 @@ class CreateUserError extends UnknownError {
}

// Thrown when an Email address is already associated with an account
// but the user is trying an oAuth account that is not linked to it.
// but the user is trying an OAuth account that is not linked to it.
class AccountNotLinkedError extends UnknownError {
constructor (message) {
super(message)
2 changes: 1 addition & 1 deletion src/server/index.js
Expand Up @@ -62,7 +62,7 @@ async function NextAuth (req, res, userSuppliedOptions) {
// Secret used salt cookies and tokens (e.g. for CSRF protection).
// If no secret option is specified then it creates one on the fly
// based on options passed here. A options contains unique data, such as
// oAuth provider secrets and database credentials it should be sufficent.
// OAuth provider secrets and database credentials it should be sufficent.
const secret = userSuppliedOptions.secret || createHash('sha256').update(JSON.stringify({ baseUrl, basePath, ...userSuppliedOptions })).digest('hex')

// Use secure cookies if the site uses HTTPS
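Review bot: The fallback on the `const secret = …` line derives the cookie and token signing secret from a SHA-256 of the serialized options whenever `secret` is not configured, so the key is only as unpredictable as the material those options happen to contain; a configuration carrying no provider client secrets or database credentials yields a secret reconstructable from `baseUrl`, `basePath` and otherwise public settings, and `JSON.stringify` silently drops any function-valued options from the input. The comment above it also still reads "A options" and "sufficent"; I would replace the last two comment lines with `// If no secret is configured, derive one from the options. This is only as strong as the secrets they contain (provider client secrets, database credentials); set options.secret explicitly in production.` and consider logging a warning when this fallback path is taken. NextAuth's body starts before this hunk and continues after it.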
22 changes: 11 additions & 11 deletions src/server/lib/callback-handler.js
Expand Up @@ -2,10 +2,10 @@
// linking (or not linking) accounts depending on if the user is currently logged
// in, if they have account already and the authentication mechanism they are using.
//
// It prevents insecure behaviour, such as linking oAuth accounts unless a user is
// It prevents insecure behaviour, such as linking OAuth accounts unless a user is
// signed in and authenticated with an existing valid account.
//
// All verification (e.g. oAuth flows or email address verificaiton flows) are
// All verification (e.g. OAuth flows or email address verificaiton flows) are
// done prior to this handler being called to avoid additonal complexity in this
// handler.
import { AccountNotLinkedError } from '../../lib/errors'
Expand Down Expand Up @@ -136,7 +136,7 @@ export default async (sessionToken, profile, providerAccount, options) => {
}
} else {
if (isSignedIn) {
// If the user is already signed in and the oAuth account isn't already associated
// If the user is already signed in and the OAuth account isn't already associated
// with another user account then we can go ahead and link the accounts safely.
await linkAccount(
user.id,
Expand All @@ -157,28 +157,28 @@ export default async (sessionToken, profile, providerAccount, options) => {
}
}

// If the user is not signed in and it looks like a new oAuth account then we
// If the user is not signed in and it looks like a new OAuth account then we
// check there also isn't an user account already associated with the same
// email address as the one in the oAuth profile.
// email address as the one in the OAuth profile.
//
// This step is often overlooked in oAuth implementations, but covers the following cases:
// This step is often overlooked in OAuth implementations, but covers the following cases:
//
// 1. It makes it harder for someone to accidentally create two accounts.
// e.g. by signin in with email, then again with an oauth account connected to the same email.
// 2. It makes it harder to hijack a user account using a 3rd party oAuth account.
// 2. It makes it harder to hijack a user account using a 3rd party OAuth account.
// e.g. by creating an oauth account then changing the email address associated with it.
//
// It's quite common for services to automatically link accounts in this case, but it's
// better practice to require the user to sign in *then* link accounts to be sure
// someone is not exploiting a problem with a third party oAuth service.
// someone is not exploiting a problem with a third party OAuth service.
//
// oAuth providers should require email address verification to prevent this, but in
// OAuth providers should require email address verification to prevent this, but in
// practice that is not always the case; this helps protect against that.
const userByEmail = profile.email ? await getUserByEmail(profile.email) : null
if (userByEmail) {
// We end up here when we don't have an account with the same [provider].id *BUT*
// we do already have an account with the same email address as the one in the
// oAuth profile the user has just tried to sign in with.
// OAuth profile the user has just tried to sign in with.
//
// We don't want to have two accounts with the same email address, and we don't
// want to link them in case it's not safe to do so, so instead we prompt the user
Expand All @@ -189,7 +189,7 @@ export default async (sessionToken, profile, providerAccount, options) => {
// accounts (by email or provider account id)...
//
// If no account matching the same [provider].id or .email exists, we can
// create a new account for the user, link it to the oAuth acccount and
// create a new account for the user, link it to the OAuth acccount and
// create a new session for them so they are signed in with it.
user = await createUser(profile)
await dispatchEvent(events.createUser, user)
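Review bot: Two lowercase spellings survive the casing fix inside the very comment block the commit edits: `// e.g. by signin in with email, then again with an oauth account connected to the same email.` and `// e.g. by creating an oauth account then changing the email address associated with it.` should read `OAuth` (and "signin in" should be "signing in"). The header comment on the same file also still carries `verificaiton` and `additonal`, and the final hunk has `acccount`. Because these comments document a deliberate security decision (refusing to auto-link accounts by e-mail when the user is not signed in), it is worth getting their wording exact in the same sweep. The exported handler starts before the first hunk and continues after the last one.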
6 changes: 3 additions & 3 deletions src/server/lib/oauth/callback.js
Expand Up @@ -28,7 +28,7 @@ export default async (req, provider, csrfToken, callback) => {
if (!Object.prototype.hasOwnProperty.call(provider, 'state') || provider.state === true) {
const expectedState = createHash('sha256').update(csrfToken).digest('hex')
if (state !== expectedState) {
return callback(new Error('Invalid state returned from oAuth provider'))
return callback(new Error('Invalid state returned from OAuth provider'))
}
}

Expand Down Expand Up @@ -103,7 +103,7 @@ export default async (req, provider, csrfToken, callback) => {
}
)
} else {
// Handle oAuth v1.x
// Handle OAuth v1.x
await client.getOAuthAccessToken(
oauth_token,
null,
Expand Down Expand Up @@ -211,7 +211,7 @@ async function _getOAuthAccessToken (code, provider, callback) {
if (!params.redirect_uri) { params.redirect_uri = provider.callbackUrl }

if (!headers['Content-Type']) { headers['Content-Type'] = 'application/x-www-form-urlencoded' }
// Added as a fix to accomodate change in Twitch oAuth API
// Added as a fix to accomodate change in Twitch OAuth API
if (!headers['Client-ID']) { headers['Client-ID'] = provider.clientId }
// Added as a fix for Reddit Authentication
if (provider.id === 'reddit') {
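Review bot: The state check in the first hunk compares the returned `state` to the expected digest with a plain `state !== expectedState`, which is not a constant-time comparison and also accepts a non-string `state` into the comparison without a type check. A tighter form, importing `timingSafeEqual` alongside `createHash` from `crypto`, is `const expected = Buffer.from(expectedState)`, `const received = Buffer.from(typeof state === 'string' ? state : '')`, `if (received.length !== expected.length || !timingSafeEqual(received, expected)) {` followed by the existing error return. The last hunk's comment also still misspells "accomodate" as the commit touches that line. The default export and `_getOAuthAccessToken` both continue outside the hunks shown.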
4 changes: 2 additions & 2 deletions src/server/lib/oauth/client.js
Expand Up @@ -5,7 +5,7 @@ import { OAuth, OAuth2 } from 'oauth'

export default (provider) => {
if (provider.version && provider.version.startsWith('2.')) {
// Handle oAuth v2.x
// Handle OAuth v2.x
const basePath = new URL(provider.authorizationUrl).origin
const authorizePath = new URL(provider.authorizationUrl).pathname
const accessTokenPath = new URL(provider.accessTokenUrl).pathname
Expand All @@ -17,7 +17,7 @@ export default (provider) => {
accessTokenPath,
provider.headers)
} else {
// Handle oAuth v1.x
// Handle OAuth v1.x
return new OAuth(
provider.requestTokenUrl,
provider.accessTokenUrl,
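Review bot: The branch on `provider.version && provider.version.startsWith('2.')` sends a provider with no `version` at all into the `else` branch, where it is built as an OAuth 1.x client from `requestTokenUrl`; a v2 provider that merely forgot `version` would presumably fail later and far from the cause. Either make the default explicit in the comment, e.g. `// Handle OAuth v1.x (also the default when provider.version is unset)`, or reject the missing field up front with `if (!provider.version) throw new Error('OAuth provider is missing "version"')`. The same version test is duplicated in src/server/lib/signin/oauth.js; a shared `isOAuth2(provider)` helper would keep the two in step. The exported arrow function's body continues past this hunk.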
4 changes: 2 additions & 2 deletions src/server/lib/signin/oauth.js
Expand Up @@ -6,7 +6,7 @@ export default (provider, csrfToken, callback, authParams) => {
const { callbackUrl } = provider
const client = oAuthClient(provider)
if (provider.version && provider.version.startsWith('2.')) {
// Handle oAuth v2.x
// Handle OAuth v2.x
let url = client.getAuthorizeUrl({
...authParams,
redirect_uri: provider.callbackUrl,
Expand All @@ -31,7 +31,7 @@ export default (provider, csrfToken, callback, authParams) => {

callback(null, url)
} else {
// Handle oAuth v1.x
// Handle OAuth v1.x
client.getOAuthRequestToken((error, oAuthToken) => {
if (error) {
logger.error('GET_AUTHORISATION_URL_ERROR', error)
2 changes: 1 addition & 1 deletion src/server/routes/callback.js
Expand Up @@ -118,7 +118,7 @@ export default async (req, res, options, done) => {
return redirect(callbackUrl || baseUrl)
} catch (error) {
if (error.name === 'AccountNotLinkedError') {
// If the email on the account is already linked, but nto with this oAuth account
// If the email on the account is already linked, but nto with this OAuth account
return redirect(`${baseUrl}${basePath}/error?error=OAuthAccountNotLinked`)
} else if (error.name === 'CreateUserError') {
return redirect(`${baseUrl}${basePath}/error?error=OAuthCreateAccount`)
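Review bot: The edited comment still contains the transposition "nto"; it should read `// If the email on the account is already linked, but not with this OAuth account`. Separately, the `return redirect(callbackUrl || baseUrl)` line in the same hunk forwards the caller-supplied `callbackUrl` on success, and whether it has been validated against `baseUrl` earlier in this route is not visible here — worth confirming the route restricts it to the application's own origin so the sign-in callback cannot be used as an open redirect. The enclosing handler starts before this hunk and continues after it.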
