diff --git a/eslint.config.js b/eslint.config.js
index a905f77..fa866b5 100644
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -34,6 +34,7 @@ export default [
 			"no-implicit-coercion": "warn",
 			"object-shorthand": "warn",
 			"curly": "warn",
+			"camelcase": "warn",
 			"@stylistic/js/indent": ["warn", "tab"],
 			"@stylistic/js/quotes": ["warn", "double"],
 			"@stylistic/js/semi": "warn",
diff --git a/lib/oauth2.js b/lib/oauth2.js
index 5ab3f95..02abdbc 100644
--- a/lib/oauth2.js
+++ b/lib/oauth2.js
@@ -43,9 +43,9 @@ export function redirectAuthorize({ serverMetadata, clientId, redirectUri, scope
 	// TODO: use the state param to prevent cross-site request
 	// forgery
 	let params = {
-		response_type: "code",
-		client_id: clientId,
-		redirect_uri: redirectUri,
+		"response_type": "code",
+		"client_id": clientId,
+		"redirect_uri": redirectUri,
 	};
 	if (scope) {
 		params.scope = scope;
@@ -66,12 +66,12 @@ function buildPostHeaders(clientId, clientSecret) {
 
 export async function exchangeCode({ serverMetadata, redirectUri, code, clientId, clientSecret }) {
 	let data = {
-		grant_type: "authorization_code",
+		"grant_type": "authorization_code",
 		code,
-		redirect_uri: redirectUri,
+		"redirect_uri": redirectUri,
 	};
 	if (!clientSecret) {
-		data.client_id = clientId;
+		data["client_id"] = clientId;
 	}
 
 	let resp = await fetch(serverMetadata.token_endpoint, {