diff --git a/endpoints/endpoints.go b/endpoints/endpoints.go
index 950754ce4..d6e575e1f 100644
--- a/endpoints/endpoints.go
+++ b/endpoints/endpoints.go
@@ -35,6 +35,12 @@ var Cern = oauth2.Endpoint{
 	TokenURL: "https://oauth.web.cern.ch/OAuth/Token",
 }
 
+// Discord is the endpoint for Discord.
+var Discord = oauth2.Endpoint{
+	AuthURL:  "https://discord.com/oauth2/authorize",
+	TokenURL: "https://discord.com/api/oauth2/token",
+}
+
 // Facebook is the endpoint for Facebook.
 var Facebook = oauth2.Endpoint{
 	AuthURL:  "https://www.facebook.com/v3.2/dialog/oauth",
@@ -146,6 +152,12 @@ var Odnoklassniki = oauth2.Endpoint{
 	TokenURL: "https://api.odnoklassniki.ru/oauth/token.do",
 }
 
+// Patreon is the endpoint for Patreon.
+var Patreon = oauth2.Endpoint{
+	AuthURL:  "https://www.patreon.com/oauth2/authorize",
+	TokenURL: "https://www.patreon.com/api/oauth2/token",
+}
+
 // PayPal is the endpoint for PayPal.
 var PayPal = oauth2.Endpoint{
 	AuthURL:  "https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize",
diff --git a/go.mod b/go.mod
index d73aa6996..da302fb45 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module golang.org/x/oauth2
 
-go 1.18
+go 1.23.0
 
 require (
 	cloud.google.com/go/compute/metadata v0.3.0
diff --git a/jws/jws.go b/jws/jws.go
index 95015648b..6f03a49d3 100644
--- a/jws/jws.go
+++ b/jws/jws.go
@@ -165,11 +165,11 @@ func Encode(header *Header, c *ClaimSet, key *rsa.PrivateKey) (string, error) {
 // Verify tests whether the provided JWT token's signature was produced by the private key
 // associated with the supplied public key.
 func Verify(token string, key *rsa.PublicKey) error {
-	parts := strings.Split(token, ".")
-	if len(parts) != 3 {
+	if strings.Count(token, ".") != 2 {
 		return errors.New("jws: invalid token received, token must have 3 parts")
 	}
 
+	parts := strings.SplitN(token, ".", 3)
 	signedContent := parts[0] + "." + parts[1]
 	signatureString, err := base64.RawURLEncoding.DecodeString(parts[2])
 	if err != nil {
diff --git a/pkce.go b/pkce.go
index 50593b6df..6a95da975 100644
--- a/pkce.go
+++ b/pkce.go
@@ -21,7 +21,7 @@ const (
 //
 // A fresh verifier should be generated for each authorization.
 // S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
-// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange
+// (or Config.DeviceAuth) and VerifierOption(verifier) to Config.Exchange
 // (or Config.DeviceAccessToken).
 func GenerateVerifier() string {
 	// "RECOMMENDED that the output of a suitable random number generator be
@@ -51,7 +51,7 @@ func S256ChallengeFromVerifier(verifier string) string {
 }
 
 // S256ChallengeOption derives a PKCE code challenge derived from verifier with
-// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAccess
+// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth
 // only.
 func S256ChallengeOption(verifier string) AuthCodeOption {
 	return challengeOption{