diff --git a/oauthproxy.go b/oauthproxy.go
index 28df21f4..02891612 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -270,7 +270,7 @@ func buildSessionChain(opts *options.Options, sessionStore sessionsapi.SessionSt
 if opts.GetOIDCVerifier() != nil {
 sessionLoaders = append(sessionLoaders, middlewareapi.TokenToSessionLoader{
 Verifier: opts.GetOIDCVerifier(),
- TokenToSession: opts.GetProvider().CreateSessionStateFromBearerToken,
+ TokenToSession: opts.GetProvider().CreateSessionFromBearer,
 })
 }
 
@@ -291,7 +291,7 @@ func buildSessionChain(opts *options.Options, sessionStore sessionsapi.SessionSt
 SessionStore: sessionStore,
 RefreshPeriod: opts.Cookie.Refresh,
 RefreshSessionIfNeeded: opts.GetProvider().RefreshSessionIfNeeded,
- ValidateSessionState: opts.GetProvider().ValidateSessionState,
+ ValidateSessionState: opts.GetProvider().ValidateSession,
 }))
 
 return chain
@@ -416,7 +416,7 @@ func (p *OAuthProxy) enrichSessionState(ctx context.Context, s *sessionsapi.Sess
 }
 }
 
- return p.provider.EnrichSessionState(ctx, s)
+ return p.provider.EnrichSession(ctx, s)
 }
 
 // MakeCSRFCookie creates a cookie for CSRF
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 6ed4b30c..fe68c90e 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -400,7 +400,7 @@ func (tp *TestProvider) GetEmailAddress(_ context.Context, _ *sessions.SessionSt
 return tp.EmailAddress, nil
 }
 
-func (tp *TestProvider) ValidateSessionState(_ context.Context, _ *sessions.SessionState) bool {
+func (tp *TestProvider) ValidateSession(_ context.Context, _ *sessions.SessionState) bool {
 return tp.ValidToken
 }
 
diff --git a/providers/digitalocean.go b/providers/digitalocean.go
index 94b2ea90..b5bd4be4 100644
--- a/providers/digitalocean.go
+++ b/providers/digitalocean.go
@@ -83,6 +83,6 @@ func (p *DigitalOceanProvider) GetEmailAddress(ctx context.Context, s *sessions.
 }
 
 // ValidateSessionState validates the AccessToken
-func (p *DigitalOceanProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *DigitalOceanProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
 }
diff --git a/providers/facebook.go b/providers/facebook.go
index d2ae132d..e3babc0d 100644
--- a/providers/facebook.go
+++ b/providers/facebook.go
@@ -89,6 +89,6 @@ func (p *FacebookProvider) GetEmailAddress(ctx context.Context, s *sessions.Sess
 }
 
 // ValidateSessionState validates the AccessToken
-func (p *FacebookProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *FacebookProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
 }
diff --git a/providers/github.go b/providers/github.go
index d1be571f..7d029ffc 100644
--- a/providers/github.go
+++ b/providers/github.go
@@ -103,7 +103,7 @@ func (p *GitHubProvider) SetUsers(users []string) {
 }
 
 // EnrichSessionState updates the User & Email after the initial Redeem
-func (p *GitHubProvider) EnrichSessionState(ctx context.Context, s *sessions.SessionState) error {
+func (p *GitHubProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
 err := p.getEmail(ctx, s)
 if err != nil {
 return err
@@ -112,7 +112,7 @@ func (p *GitHubProvider) EnrichSessionState(ctx context.Context, s *sessions.Ses
 }
 
 // ValidateSessionState validates the AccessToken
-func (p *GitHubProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *GitHubProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 return validateToken(ctx, p, s.AccessToken, makeGitHubHeader(s.AccessToken))
 }
 
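Review bot: The doc comment directly above the renamed method still reads `// ValidateSessionState validates the AccessToken`, so it no longer starts with the method's name as Go doc convention requires and will be flagged by golint/staticcheck; change it to `// ValidateSession validates the AccessToken`. The same stale comment is left in the facebook.go, github.go (both the EnrichSessionState and ValidateSessionState hunks), linkedin.go, oidc.go and provider_default.go hunks, and in gitlab.go the comment above EnrichSession still says `// GetEmailAddress returns the Account email address`, which was already describing the wrong method before this rename. The prose references in internal_util_test.go ("several Provider's ValidateSessionState() implementations"), the TODO in google.go ("Move to pure EnrichSessionState logic") and the `// DEPRECATED: Migrate to EnrichSessionState` line on the Provider interface in providers.go also still name the old identifiers, which will mislead readers once the old names no longer exist anywhere in the codebase.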
diff --git a/providers/gitlab.go b/providers/gitlab.go
index a04beca6..bb02f4df 100644
--- a/providers/gitlab.go
+++ b/providers/gitlab.go
@@ -188,13 +188,13 @@ func (p *GitLabProvider) createSessionState(ctx context.Context, token *oauth2.T
 }
 
 // ValidateSessionState checks that the session's IDToken is still valid
-func (p *GitLabProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *GitLabProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 _, err := p.Verifier.Verify(ctx, s.IDToken)
 return err == nil
 }
 
 // GetEmailAddress returns the Account email address
-func (p *GitLabProvider) EnrichSessionState(ctx context.Context, s *sessions.SessionState) error {
+func (p *GitLabProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
 // Retrieve user info
 userInfo, err := p.getUserInfo(ctx, s)
 if err != nil {
diff --git a/providers/gitlab_test.go b/providers/gitlab_test.go
index 12b9d6f4..e3d974bf 100644
--- a/providers/gitlab_test.go
+++ b/providers/gitlab_test.go
@@ -64,7 +64,7 @@ func TestGitLabProviderBadToken(t *testing.T) {
 p := testGitLabProvider(bURL.Host)
 session := &sessions.SessionState{AccessToken: "unexpected_gitlab_access_token"}
 
- err := p.EnrichSessionState(context.Background(), session)
+ err := p.EnrichSession(context.Background(), session)
 assert.Error(t, err)
 }
 
@@ -76,7 +76,7 @@ func TestGitLabProviderUnverifiedEmailDenied(t *testing.T) {
 p := testGitLabProvider(bURL.Host)
 session := &sessions.SessionState{AccessToken: "gitlab_access_token"}
 
- err := p.EnrichSessionState(context.Background(), session)
+ err := p.EnrichSession(context.Background(), session)
 assert.Error(t, err)
 }
 
@@ -89,7 +89,7 @@ func TestGitLabProviderUnverifiedEmailAllowed(t *testing.T) {
 p.AllowUnverifiedEmail = true
 session := &sessions.SessionState{AccessToken: "gitlab_access_token"}
 
- err := p.EnrichSessionState(context.Background(), session)
+ err := p.EnrichSession(context.Background(), session)
 assert.NoError(t, err)
 assert.Equal(t, "foo@bar.com", session.Email)
 }
@@ -103,7 +103,7 @@ func TestGitLabProviderUsername(t *testing.T) {
 p.AllowUnverifiedEmail = true
 session := &sessions.SessionState{AccessToken: "gitlab_access_token"}
 
- err := p.EnrichSessionState(context.Background(), session)
+ err := p.EnrichSession(context.Background(), session)
 assert.NoError(t, err)
 assert.Equal(t, "FooBar", session.User)
 }
@@ -118,7 +118,7 @@ func TestGitLabProviderGroupMembershipValid(t *testing.T) {
 p.Groups = []string{"foo"}
 session := &sessions.SessionState{AccessToken: "gitlab_access_token"}
 
- err := p.EnrichSessionState(context.Background(), session)
+ err := p.EnrichSession(context.Background(), session)
 assert.NoError(t, err)
 assert.Equal(t, "FooBar", session.User)
 }
@@ -133,6 +133,6 @@ func TestGitLabProviderGroupMembershipMissing(t *testing.T) {
 p.Groups = []string{"baz"}
 session := &sessions.SessionState{AccessToken: "gitlab_access_token"}
 
- err := p.EnrichSessionState(context.Background(), session)
+ err := p.EnrichSession(context.Background(), session)
 assert.Error(t, err)
 }
diff --git a/providers/google.go b/providers/google.go
index 36e84885..a05410e7 100644
--- a/providers/google.go
+++ b/providers/google.go
@@ -179,7 +179,7 @@ func (p *GoogleProvider) Redeem(ctx context.Context, redirectURL, code string) (
 
 // EnrichSessionState checks the listed Google Groups configured and adds any
 // that the user is a member of to session.Groups.
-func (p *GoogleProvider) EnrichSessionState(ctx context.Context, s *sessions.SessionState) error {
+func (p *GoogleProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
 // TODO (@NickMeves) - Move to pure EnrichSessionState logic and stop
 // reusing legacy `groupValidator`.
 //
diff --git a/providers/internal_util_test.go b/providers/internal_util_test.go
index 991243a1..6c2a1b88 100644
--- a/providers/internal_util_test.go
+++ b/providers/internal_util_test.go
@@ -32,7 +32,7 @@ func (tp *ValidateSessionStateTestProvider) GetEmailAddress(ctx context.Context,
 
 // Note that we're testing the internal validateToken() used to implement
 // several Provider's ValidateSessionState() implementations
-func (tp *ValidateSessionStateTestProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (tp *ValidateSessionStateTestProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 return false
 }
 
diff --git a/providers/linkedin.go b/providers/linkedin.go
index 4a45cfe0..58217952 100644
--- a/providers/linkedin.go
+++ b/providers/linkedin.go
@@ -94,6 +94,6 @@ func (p *LinkedInProvider) GetEmailAddress(ctx context.Context, s *sessions.Sess
 }
 
 // ValidateSessionState validates the AccessToken
-func (p *LinkedInProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *LinkedInProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 return validateToken(ctx, p, s.AccessToken, makeLinkedInHeader(s.AccessToken))
 }
diff --git a/providers/oidc.go b/providers/oidc.go
index 0f9fc28a..7c48c42a 100644
--- a/providers/oidc.go
+++ b/providers/oidc.go
@@ -175,7 +175,7 @@ func (p *OIDCProvider) createSessionState(ctx context.Context, token *oauth2.Tok
 return newSession, nil
 }
 
-func (p *OIDCProvider) CreateSessionStateFromBearerToken(ctx context.Context, rawIDToken string, idToken *oidc.IDToken) (*sessions.SessionState, error) {
+func (p *OIDCProvider) CreateSessionFromBearer(ctx context.Context, rawIDToken string, idToken *oidc.IDToken) (*sessions.SessionState, error) {
 newSession, err := p.createSessionStateInternal(ctx, idToken, nil)
 if err != nil {
 return nil, err
@@ -221,7 +221,7 @@ func (p *OIDCProvider) createSessionStateInternal(ctx context.Context, idToken *
 }
 
 // ValidateSessionState checks that the session's IDToken is still valid
-func (p *OIDCProvider) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *OIDCProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 _, err := p.Verifier.Verify(ctx, s.IDToken)
 return err == nil
 }
diff --git a/providers/oidc_test.go b/providers/oidc_test.go
index 2293428b..cc4cdc8a 100644
--- a/providers/oidc_test.go
+++ b/providers/oidc_test.go
@@ -354,7 +354,7 @@ func TestCreateSessionStateFromBearerToken(t *testing.T) {
 idToken, err := verifier.Verify(context.Background(), rawIDToken)
 assert.NoError(t, err)
 
- ss, err := provider.CreateSessionStateFromBearerToken(context.Background(), rawIDToken, idToken)
+ ss, err := provider.CreateSessionFromBearer(context.Background(), rawIDToken, idToken)
 assert.NoError(t, err)
 
 assert.Equal(t, tc.ExpectedUser, ss.User)
diff --git a/providers/provider_default.go b/providers/provider_default.go
index 00b70641..7a8c4e40 100644
--- a/providers/provider_default.go
+++ b/providers/provider_default.go
@@ -94,7 +94,7 @@ func (p *ProviderData) GetEmailAddress(_ context.Context, _ *sessions.SessionSta
 
 // EnrichSessionState is called after Redeem to allow providers to enrich session fields
 // such as User, Email, Groups with provider specific API calls.
-func (p *ProviderData) EnrichSessionState(_ context.Context, _ *sessions.SessionState) error {
+func (p *ProviderData) EnrichSession(_ context.Context, _ *sessions.SessionState) error {
 return nil
 }
 
@@ -115,7 +115,7 @@ func (p *ProviderData) Authorize(_ context.Context, s *sessions.SessionState) (b
 }
 
 // ValidateSessionState validates the AccessToken
-func (p *ProviderData) ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool {
+func (p *ProviderData) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
 return validateToken(ctx, p, s.AccessToken, nil)
 }
 
@@ -127,6 +127,6 @@ func (p *ProviderData) RefreshSessionIfNeeded(_ context.Context, _ *sessions.Ses
 
 // CreateSessionStateFromBearerToken should be implemented to allow providers
 // to convert ID tokens into sessions
-func (p *ProviderData) CreateSessionStateFromBearerToken(_ context.Context, _ string, _ *oidc.IDToken) (*sessions.SessionState, error) {
+func (p *ProviderData) CreateSessionFromBearer(_ context.Context, _ string, _ *oidc.IDToken) (*sessions.SessionState, error) {
 return nil, ErrNotImplemented
 }
diff --git a/providers/provider_default_test.go b/providers/provider_default_test.go
index c9e87b33..5f02ecbb 100644
--- a/providers/provider_default_test.go
+++ b/providers/provider_default_test.go
@@ -52,7 +52,7 @@ func TestAcrValuesConfigured(t *testing.T) {
 func TestEnrichSessionState(t *testing.T) {
 p := &ProviderData{}
 s := &sessions.SessionState{}
- assert.NoError(t, p.EnrichSessionState(context.Background(), s))
+ assert.NoError(t, p.EnrichSession(context.Background(), s))
 }
 
 func TestProviderDataAuthorize(t *testing.T) {
diff --git a/providers/providers.go b/providers/providers.go
index 50f4d6b2..09abf725 100644
--- a/providers/providers.go
+++ b/providers/providers.go
@@ -13,12 +13,12 @@ type Provider interface {
 // DEPRECATED: Migrate to EnrichSessionState
 GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error)
 Redeem(ctx context.Context, redirectURI, code string) (*sessions.SessionState, error)
- EnrichSessionState(ctx context.Context, s *sessions.SessionState) error
+ EnrichSession(ctx context.Context, s *sessions.SessionState) error
 Authorize(ctx context.Context, s *sessions.SessionState) (bool, error)
- ValidateSessionState(ctx context.Context, s *sessions.SessionState) bool
+ ValidateSession(ctx context.Context, s *sessions.SessionState) bool
 GetLoginURL(redirectURI, finalRedirect string) string
 RefreshSessionIfNeeded(ctx context.Context, s *sessions.SessionState) (bool, error)
- CreateSessionStateFromBearerToken(ctx context.Context, rawIDToken string, idToken *oidc.IDToken) (*sessions.SessionState, error)
+ CreateSessionFromBearer(ctx context.Context, rawIDToken string, idToken *oidc.IDToken) (*sessions.SessionState, error)
 }
 
 // New provides a new Provider based on the configured provider string