diff --git a/.golangci.yml b/.golangci.yml
index c658d914f7f592f1695995d0c9ed022323fdb819..d0dcfd9b7dc579df37b451751efa332488cdb58a 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -18,7 +18,6 @@ linters:
         # TODO: fix me
         - unparam
         - golint
-        - whitespace
         - goconst
         - unconvert
         - bodyclose
diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go
index 87f1a5787eb34147d39e216f903ee9bd80320de3..1df1f809456fa759719961392e0db6c733af1a8f 100644
--- a/cmd/dex/config_test.go
+++ b/cmd/dex/config_test.go
@@ -211,5 +211,4 @@ logger:
 	if diff := pretty.Compare(c, want); diff != "" {
 		t.Errorf("got!=want: %s", diff)
 	}
-
 }
diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 7d0e0debe47244d17bfbcd88345432ac8ac6f906..293d3e66d93b48977338a442976af20d3915b615 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -182,7 +182,6 @@ func serve(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("failed to initialize storage connectors: %v", err)
 		}
 		storageConnectors[i] = conn
-
 	}
 
 	if c.EnablePasswordDB {
diff --git a/connector/bitbucketcloud/bitbucketcloud.go b/connector/bitbucketcloud/bitbucketcloud.go
index 7d58221a3c0b277f76037c48321533d4fb6c944f..d8ccf2e50aab323a6754dd575f1a74f4044baa67 100644
--- a/connector/bitbucketcloud/bitbucketcloud.go
+++ b/connector/bitbucketcloud/bitbucketcloud.go
@@ -41,7 +41,6 @@ type Config struct {
 
 // Open returns a strategy for logging in through Bitbucket.
 func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
-
 	b := bitbucketConnector{
 		redirectURI:  c.RedirectURI,
 		teams:        c.Teams,
@@ -373,7 +372,6 @@ type userTeamsResponse struct {
 }
 
 func (b *bitbucketConnector) userTeams(ctx context.Context, client *http.Client) ([]string, error) {
-
 	var teams []string
 	apiURL := b.apiURL + "/teams?role=member"
 
diff --git a/connector/bitbucketcloud/bitbucketcloud_test.go b/connector/bitbucketcloud/bitbucketcloud_test.go
index b9f4ba08f822857280f3e34b63dcbb16046254bc..488c7886ca309e16a0df99ff6142ecc96bd9a5b8 100644
--- a/connector/bitbucketcloud/bitbucketcloud_test.go
+++ b/connector/bitbucketcloud/bitbucketcloud_test.go
@@ -14,7 +14,6 @@ import (
 )
 
 func TestUserGroups(t *testing.T) {
-
 	teamsResponse := userTeamsResponse{
 		pagedResponse: pagedResponse{
 			Size:    3,
@@ -46,7 +45,6 @@ func TestUserGroups(t *testing.T) {
 }
 
 func TestUserWithoutTeams(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/teams?role=member": userTeamsResponse{},
 	})
@@ -61,7 +59,6 @@ func TestUserWithoutTeams(t *testing.T) {
 }
 
 func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/user": user{Username: "some-login"},
 		"/user/emails": userEmailResponse{
diff --git a/connector/github/github.go b/connector/github/github.go
index d9356e73e027f7fcfec26abde7ebf148bbe0a1d1..41aaf5893006febd0baee8b41bfe22fb59b08117 100644
--- a/connector/github/github.go
+++ b/connector/github/github.go
@@ -67,7 +67,6 @@ type Org struct {
 
 // Open returns a strategy for logging in through GitHub.
 func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
-
 	if c.Org != "" {
 		// Return error if both 'org' and 'orgs' fields are used.
 		if len(c.Orgs) > 0 {
@@ -107,7 +106,6 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 		if g.httpClient, err = newHTTPClient(g.rootCA); err != nil {
 			return nil, fmt.Errorf("failed to create HTTP client: %v", err)
 		}
-
 	}
 	g.loadAllGroups = c.LoadAllGroups
 
diff --git a/connector/github/github_test.go b/connector/github/github_test.go
index 539a2e69c1ab121557a94a444c2ff0d8f2531e7e..76d7463cf60d2763e3c52a6bd46d2b2cfe6e8538 100644
--- a/connector/github/github_test.go
+++ b/connector/github/github_test.go
@@ -126,7 +126,6 @@ func TestUserGroupsWithTeamNameAndSlugFieldConfig(t *testing.T) {
 
 // tests that the users login is used as their username when they have no username set
 func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
-
 	s := newTestServer(map[string]testResponse{
 		"/user": {data: user{Login: "some-login", ID: 12345678}},
 		"/user/emails": {data: []userEmail{{
@@ -168,7 +167,6 @@ func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
 }
 
 func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
-
 	s := newTestServer(map[string]testResponse{
 		"/user": {data: user{Login: "some-login", ID: 12345678, Name: "Joe Bloggs"}},
 		"/user/emails": {data: []userEmail{{
diff --git a/connector/gitlab/gitlab_test.go b/connector/gitlab/gitlab_test.go
index 331b486ee40e8d9d38f3a183f1eab47632d2a579..23cf9aac2dd65a59961ad606dbd7ee114a058177 100644
--- a/connector/gitlab/gitlab_test.go
+++ b/connector/gitlab/gitlab_test.go
@@ -65,7 +65,6 @@ func TestUserGroupsWithoutOrgs(t *testing.T) {
 
 // tests that the email is used as their username when they have no username set
 func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678},
 		"/oauth/token": map[string]interface{}{
@@ -102,7 +101,6 @@ func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
 }
 
 func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs", Username: "joebloggs"},
 		"/oauth/token": map[string]interface{}{
@@ -130,7 +128,6 @@ func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
 }
 
 func TestLoginWithTeamWhitelisted(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs"},
 		"/oauth/token": map[string]interface{}{
@@ -158,7 +155,6 @@ func TestLoginWithTeamWhitelisted(t *testing.T) {
 }
 
 func TestLoginWithTeamNonWhitelisted(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs", Username: "joebloggs"},
 		"/oauth/token": map[string]interface{}{
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index dc74a01f75c20e1017129e42e53390fef13c00c3..71a59de80a62e65be1b68af900d4e6ccd72efb93 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -150,7 +150,6 @@ func (p *conn) Prompt() string { return "username" }
 
 func (p *conn) Refresh(
 	ctx context.Context, scopes connector.Scopes, identity connector.Identity) (connector.Identity, error) {
-
 	token, err := p.getAdminToken(ctx)
 	if err != nil {
 		return identity, fmt.Errorf("keystone: failed to obtain admin token: %v", err)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index aed73194a74f753f0631651956080b07ab73eca1..cac3539fe6a66ee1f0f4f720ad285bba632a2d64 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -189,7 +189,6 @@ func (c *Config) OpenConnector(logger log.Logger) (interface {
 }
 
 func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
-
 	requiredFields := []struct {
 		name string
 		val  string
@@ -365,7 +364,6 @@ func (c *ldapConnector) identityFromEntry(user ldap.Entry) (ident connector.Iden
 }
 
 func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.Entry, found bool, err error) {
-
 	filter := fmt.Sprintf("(%s=%s)", c.UserSearch.Username, ldap.EscapeFilter(username))
 	if c.UserSearch.Filter != "" {
 		filter = fmt.Sprintf("(&%s%s)", c.UserSearch.Filter, filter)
diff --git a/connector/saml/saml.go b/connector/saml/saml.go
index 70ab413c771c1b63f6cc20ee0585cb3454355bd6..1c1cb46087b9b765a6a1d7401372f1fbc35c35b8 100644
--- a/connector/saml/saml.go
+++ b/connector/saml/saml.go
@@ -249,7 +249,6 @@ type provider struct {
 }
 
 func (p *provider) POSTData(s connector.Scopes, id string) (action, value string, err error) {
-
 	r := &authnRequest{
 		ProtocolBinding: bindingPOST,
 		ID:              id,
diff --git a/server/api.go b/server/api.go
index 9feb0e9abd87587e8265e86e350667ee9389f867..55784b902079f93365fb0b62e42920b9d088cbff 100644
--- a/server/api.go
+++ b/server/api.go
@@ -218,7 +218,6 @@ func (d dexAPI) DeletePassword(ctx context.Context, req *api.DeletePasswordReq)
 		return nil, fmt.Errorf("delete password: %v", err)
 	}
 	return &api.DeletePasswordResp{}, nil
-
 }
 
 func (d dexAPI) GetVersion(ctx context.Context, req *api.VersionReq) (*api.VersionResp, error) {
@@ -248,7 +247,6 @@ func (d dexAPI) ListPasswords(ctx context.Context, req *api.ListPasswordReq) (*a
 	return &api.ListPasswordResp{
 		Passwords: passwords,
 	}, nil
-
 }
 
 func (d dexAPI) VerifyPassword(ctx context.Context, req *api.VerifyPasswordReq) (*api.VerifyPasswordResp, error) {
diff --git a/server/api_test.go b/server/api_test.go
index 80a224861db631de0db429beb72730c8bd278494..511d5d39dbbd9cecdb0ea548f250f66aa2a3dcd1 100644
--- a/server/api_test.go
+++ b/server/api_test.go
@@ -167,7 +167,6 @@ func TestPassword(t *testing.T) {
 	if _, err := client.DeletePassword(ctx, &deleteReq); err != nil {
 		t.Fatalf("Unable to delete password: %v", err)
 	}
-
 }
 
 // Ensures checkCost returns expected values
@@ -495,7 +494,6 @@ func TestUpdateClient(t *testing.T) {
 			if tc.cleanup != nil {
 				tc.cleanup(t, tc.req.Id)
 			}
-
 		})
 	}
 }
diff --git a/server/handlers.go b/server/handlers.go
index ede474a4730f7778a7b5da5129da1f8ae506f3b4..97a46d57a3e37d6fcb300f22157a137e7513db45 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -922,7 +922,6 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
 				deleteToken = true
 				return
 			}
-
 		}
 	}
 	s.writeAccessToken(w, idToken, accessToken, refreshToken, expiry)
diff --git a/server/handlers_test.go b/server/handlers_test.go
index 395b7e72c1e90c6e9d67045233e469942b9dc771..b30076dd418c346365fd8c90eaa848e9bd96c22a 100644
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -24,7 +24,6 @@ func TestHandleHealth(t *testing.T) {
 	if rr.Code != http.StatusOK {
 		t.Errorf("expected 200 got %d", rr.Code)
 	}
-
 }
 
 type badStorage struct {
diff --git a/server/server_test.go b/server/server_test.go
index 6759f2405fabe51121c5b6f7ed0d41819ecbdec2..ef49ed6f8993dc9863a32f0a94781db96d2c8e47 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -799,7 +799,6 @@ func TestCrossClientScopes(t *testing.T) {
 				if !reflect.DeepEqual(idToken.Audience, expAudience) {
 					t.Errorf("expected audience %q, got %q", expAudience, idToken.Audience)
 				}
-
 			}
 			if gotState := q.Get("state"); gotState != state {
 				t.Errorf("state did not match, want=%q got=%q", state, gotState)
@@ -921,7 +920,6 @@ func TestCrossClientScopesWithAzpInAudienceByDefault(t *testing.T) {
 				if !reflect.DeepEqual(idToken.Audience, expAudience) {
 					t.Errorf("expected audience %q, got %q", expAudience, idToken.Audience)
 				}
-
 			}
 			if gotState := q.Get("state"); gotState != state {
 				t.Errorf("state did not match, want=%q got=%q", state, gotState)
@@ -1058,7 +1056,6 @@ func TestPasswordDB(t *testing.T) {
 			t.Errorf("%s: %s", tc.name, diff)
 		}
 	}
-
 }
 
 func TestPasswordDBUsernamePrompt(t *testing.T) {
diff --git a/server/templates.go b/server/templates.go
index 13dda8f1ab419b1a28340e5de0648d4ea414953e..ac0957afd683297c391c22651a384bbbb2806391 100644
--- a/server/templates.go
+++ b/server/templates.go
@@ -176,7 +176,6 @@ func loadTemplates(c webConfig, templatesDir string) (*templates, error) {
 //assetPath is static/main.css
 //relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
 func relativeURL(serverPath, reqPath, assetPath string) string {
-
 	splitPath := func(p string) []string {
 		res := []string{}
 		parts := strings.Split(path.Clean(p), "/")
diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
index 9832a7d89ec01fe6cb2a0751d2f94e86cef27703..92a48d6ab10ba28525835fe5f3909aa3f9bbcba1 100644
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@@ -160,7 +160,6 @@ func testAuthRequestCRUD(t *testing.T, s storage.Storage) {
 	if err := s.DeleteAuthRequest(a2.ID); err != nil {
 		t.Fatalf("failed to delete auth request: %v", err)
 	}
-
 }
 
 func testAuthCodeCRUD(t *testing.T, s storage.Storage) {
@@ -509,7 +508,6 @@ func testPasswordCRUD(t *testing.T, s storage.Storage) {
 
 	_, err = s.GetPassword(password1.Email)
 	mustBeErrNotFound(t, "password", err)
-
 }
 
 func testOfflineSessionCRUD(t *testing.T, s storage.Storage) {
diff --git a/storage/sql/crud.go b/storage/sql/crud.go
index e96a7b129389c4d0c52a72377da14a99e27ac47f..e87dc56aa5bf57a5b4eea06d1a7a2c909957aff5 100644
--- a/storage/sql/crud.go
+++ b/storage/sql/crud.go
@@ -169,7 +169,6 @@ func (c *conn) UpdateAuthRequest(id string, updater func(a storage.AuthRequest)
 		}
 		return nil
 	})
-
 }
 
 func (c *conn) GetAuthRequest(id string) (storage.AuthRequest, error) {