diff --git a/.golangci.yml b/.golangci.yml
index c658d914..d0dcfd9b 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -18,7 +18,6 @@ linters:
         # TODO: fix me
         - unparam
         - golint
-        - whitespace
         - goconst
         - unconvert
         - bodyclose
diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go
index 87f1a578..1df1f809 100644
--- a/cmd/dex/config_test.go
+++ b/cmd/dex/config_test.go
@@ -211,5 +211,4 @@ logger:
 	if diff := pretty.Compare(c, want); diff != "" {
 		t.Errorf("got!=want: %s", diff)
 	}
-
 }
diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 7d0e0deb..293d3e66 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -182,7 +182,6 @@ func serve(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("failed to initialize storage connectors: %v", err)
 		}
 		storageConnectors[i] = conn
-
 	}
 
 	if c.EnablePasswordDB {
diff --git a/connector/bitbucketcloud/bitbucketcloud.go b/connector/bitbucketcloud/bitbucketcloud.go
index 7d58221a..d8ccf2e5 100644
--- a/connector/bitbucketcloud/bitbucketcloud.go
+++ b/connector/bitbucketcloud/bitbucketcloud.go
@@ -41,7 +41,6 @@ type Config struct {
 
 // Open returns a strategy for logging in through Bitbucket.
 func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
-
 	b := bitbucketConnector{
 		redirectURI:  c.RedirectURI,
 		teams:        c.Teams,
@@ -373,7 +372,6 @@ type userTeamsResponse struct {
 }
 
 func (b *bitbucketConnector) userTeams(ctx context.Context, client *http.Client) ([]string, error) {
-
 	var teams []string
 	apiURL := b.apiURL + "/teams?role=member"
 
diff --git a/connector/bitbucketcloud/bitbucketcloud_test.go b/connector/bitbucketcloud/bitbucketcloud_test.go
index b9f4ba08..488c7886 100644
--- a/connector/bitbucketcloud/bitbucketcloud_test.go
+++ b/connector/bitbucketcloud/bitbucketcloud_test.go
@@ -14,7 +14,6 @@ import (
 )
 
 func TestUserGroups(t *testing.T) {
-
 	teamsResponse := userTeamsResponse{
 		pagedResponse: pagedResponse{
 			Size:    3,
@@ -46,7 +45,6 @@ func TestUserGroups(t *testing.T) {
 }
 
 func TestUserWithoutTeams(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/teams?role=member": userTeamsResponse{},
 	})
@@ -61,7 +59,6 @@ func TestUserWithoutTeams(t *testing.T) {
 }
 
 func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/user": user{Username: "some-login"},
 		"/user/emails": userEmailResponse{
diff --git a/connector/github/github.go b/connector/github/github.go
index d9356e73..41aaf589 100644
--- a/connector/github/github.go
+++ b/connector/github/github.go
@@ -67,7 +67,6 @@ type Org struct {
 
 // Open returns a strategy for logging in through GitHub.
 func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
-
 	if c.Org != "" {
 		// Return error if both 'org' and 'orgs' fields are used.
 		if len(c.Orgs) > 0 {
@@ -107,7 +106,6 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
 		if g.httpClient, err = newHTTPClient(g.rootCA); err != nil {
 			return nil, fmt.Errorf("failed to create HTTP client: %v", err)
 		}
-
 	}
 	g.loadAllGroups = c.LoadAllGroups
 
diff --git a/connector/github/github_test.go b/connector/github/github_test.go
index 539a2e69..76d7463c 100644
--- a/connector/github/github_test.go
+++ b/connector/github/github_test.go
@@ -126,7 +126,6 @@ func TestUserGroupsWithTeamNameAndSlugFieldConfig(t *testing.T) {
 
 // tests that the users login is used as their username when they have no username set
 func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
-
 	s := newTestServer(map[string]testResponse{
 		"/user": {data: user{Login: "some-login", ID: 12345678}},
 		"/user/emails": {data: []userEmail{{
@@ -168,7 +167,6 @@ func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
 }
 
 func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
-
 	s := newTestServer(map[string]testResponse{
 		"/user": {data: user{Login: "some-login", ID: 12345678, Name: "Joe Bloggs"}},
 		"/user/emails": {data: []userEmail{{
diff --git a/connector/gitlab/gitlab_test.go b/connector/gitlab/gitlab_test.go
index 331b486e..23cf9aac 100644
--- a/connector/gitlab/gitlab_test.go
+++ b/connector/gitlab/gitlab_test.go
@@ -65,7 +65,6 @@ func TestUserGroupsWithoutOrgs(t *testing.T) {
 
 // tests that the email is used as their username when they have no username set
 func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678},
 		"/oauth/token": map[string]interface{}{
@@ -102,7 +101,6 @@ func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
 }
 
 func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs", Username: "joebloggs"},
 		"/oauth/token": map[string]interface{}{
@@ -130,7 +128,6 @@ func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
 }
 
 func TestLoginWithTeamWhitelisted(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs"},
 		"/oauth/token": map[string]interface{}{
@@ -158,7 +155,6 @@ func TestLoginWithTeamWhitelisted(t *testing.T) {
 }
 
 func TestLoginWithTeamNonWhitelisted(t *testing.T) {
-
 	s := newTestServer(map[string]interface{}{
 		"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs", Username: "joebloggs"},
 		"/oauth/token": map[string]interface{}{
diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go
index dc74a01f..71a59de8 100644
--- a/connector/keystone/keystone.go
+++ b/connector/keystone/keystone.go
@@ -150,7 +150,6 @@ func (p *conn) Prompt() string { return "username" }
 
 func (p *conn) Refresh(
 	ctx context.Context, scopes connector.Scopes, identity connector.Identity) (connector.Identity, error) {
-
 	token, err := p.getAdminToken(ctx)
 	if err != nil {
 		return identity, fmt.Errorf("keystone: failed to obtain admin token: %v", err)
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index aed73194..cac3539f 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -189,7 +189,6 @@ func (c *Config) OpenConnector(logger log.Logger) (interface {
 }
 
 func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
-
 	requiredFields := []struct {
 		name string
 		val  string
@@ -365,7 +364,6 @@ func (c *ldapConnector) identityFromEntry(user ldap.Entry) (ident connector.Iden
 }
 
 func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.Entry, found bool, err error) {
-
 	filter := fmt.Sprintf("(%s=%s)", c.UserSearch.Username, ldap.EscapeFilter(username))
 	if c.UserSearch.Filter != "" {
 		filter = fmt.Sprintf("(&%s%s)", c.UserSearch.Filter, filter)
diff --git a/connector/saml/saml.go b/connector/saml/saml.go
index 70ab413c..1c1cb460 100644
--- a/connector/saml/saml.go
+++ b/connector/saml/saml.go
@@ -249,7 +249,6 @@ type provider struct {
 }
 
 func (p *provider) POSTData(s connector.Scopes, id string) (action, value string, err error) {
-
 	r := &authnRequest{
 		ProtocolBinding: bindingPOST,
 		ID:              id,
diff --git a/server/api.go b/server/api.go
index 9feb0e9a..55784b90 100644
--- a/server/api.go
+++ b/server/api.go
@@ -218,7 +218,6 @@ func (d dexAPI) DeletePassword(ctx context.Context, req *api.DeletePasswordReq)
 		return nil, fmt.Errorf("delete password: %v", err)
 	}
 	return &api.DeletePasswordResp{}, nil
-
 }
 
 func (d dexAPI) GetVersion(ctx context.Context, req *api.VersionReq) (*api.VersionResp, error) {
@@ -248,7 +247,6 @@ func (d dexAPI) ListPasswords(ctx context.Context, req *api.ListPasswordReq) (*a
 	return &api.ListPasswordResp{
 		Passwords: passwords,
 	}, nil
-
 }
 
 func (d dexAPI) VerifyPassword(ctx context.Context, req *api.VerifyPasswordReq) (*api.VerifyPasswordResp, error) {
diff --git a/server/api_test.go b/server/api_test.go
index 80a22486..511d5d39 100644
--- a/server/api_test.go
+++ b/server/api_test.go
@@ -167,7 +167,6 @@ func TestPassword(t *testing.T) {
 	if _, err := client.DeletePassword(ctx, &deleteReq); err != nil {
 		t.Fatalf("Unable to delete password: %v", err)
 	}
-
 }
 
 // Ensures checkCost returns expected values
@@ -495,7 +494,6 @@ func TestUpdateClient(t *testing.T) {
 			if tc.cleanup != nil {
 				tc.cleanup(t, tc.req.Id)
 			}
-
 		})
 	}
 }
diff --git a/server/handlers.go b/server/handlers.go
index ede474a4..97a46d57 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -922,7 +922,6 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
 				deleteToken = true
 				return
 			}
-
 		}
 	}
 	s.writeAccessToken(w, idToken, accessToken, refreshToken, expiry)
diff --git a/server/handlers_test.go b/server/handlers_test.go
index 395b7e72..b30076dd 100644
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -24,7 +24,6 @@ func TestHandleHealth(t *testing.T) {
 	if rr.Code != http.StatusOK {
 		t.Errorf("expected 200 got %d", rr.Code)
 	}
-
 }
 
 type badStorage struct {
diff --git a/server/server_test.go b/server/server_test.go
index 6759f240..ef49ed6f 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -799,7 +799,6 @@ func TestCrossClientScopes(t *testing.T) {
 				if !reflect.DeepEqual(idToken.Audience, expAudience) {
 					t.Errorf("expected audience %q, got %q", expAudience, idToken.Audience)
 				}
-
 			}
 			if gotState := q.Get("state"); gotState != state {
 				t.Errorf("state did not match, want=%q got=%q", state, gotState)
@@ -921,7 +920,6 @@ func TestCrossClientScopesWithAzpInAudienceByDefault(t *testing.T) {
 				if !reflect.DeepEqual(idToken.Audience, expAudience) {
 					t.Errorf("expected audience %q, got %q", expAudience, idToken.Audience)
 				}
-
 			}
 			if gotState := q.Get("state"); gotState != state {
 				t.Errorf("state did not match, want=%q got=%q", state, gotState)
@@ -1058,7 +1056,6 @@ func TestPasswordDB(t *testing.T) {
 			t.Errorf("%s: %s", tc.name, diff)
 		}
 	}
-
 }
 
 func TestPasswordDBUsernamePrompt(t *testing.T) {
diff --git a/server/templates.go b/server/templates.go
index 13dda8f1..ac0957af 100644
--- a/server/templates.go
+++ b/server/templates.go
@@ -176,7 +176,6 @@ func loadTemplates(c webConfig, templatesDir string) (*templates, error) {
 //assetPath is static/main.css
 //relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
 func relativeURL(serverPath, reqPath, assetPath string) string {
-
 	splitPath := func(p string) []string {
 		res := []string{}
 		parts := strings.Split(path.Clean(p), "/")
diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
index 9832a7d8..92a48d6a 100644
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@@ -160,7 +160,6 @@ func testAuthRequestCRUD(t *testing.T, s storage.Storage) {
 	if err := s.DeleteAuthRequest(a2.ID); err != nil {
 		t.Fatalf("failed to delete auth request: %v", err)
 	}
-
 }
 
 func testAuthCodeCRUD(t *testing.T, s storage.Storage) {
@@ -509,7 +508,6 @@ func testPasswordCRUD(t *testing.T, s storage.Storage) {
 
 	_, err = s.GetPassword(password1.Email)
 	mustBeErrNotFound(t, "password", err)
-
 }
 
 func testOfflineSessionCRUD(t *testing.T, s storage.Storage) {
diff --git a/storage/sql/crud.go b/storage/sql/crud.go
index e96a7b12..e87dc56a 100644
--- a/storage/sql/crud.go
+++ b/storage/sql/crud.go
@@ -169,7 +169,6 @@ func (c *conn) UpdateAuthRequest(id string, updater func(a storage.AuthRequest)
 		}
 		return nil
 	})
-
 }
 
 func (c *conn) GetAuthRequest(id string) (storage.AuthRequest, error) {