diff --git a/clientapi/auth/sso/oauth2.go b/clientapi/auth/sso/oauth2.go
index b8d12b59e..d94320b5c 100644
--- a/clientapi/auth/sso/oauth2.go
+++ b/clientapi/auth/sso/oauth2.go
@@ -39,7 +39,6 @@ type oauth2IdentityProvider struct {
 
 	scopes              []string
 	responseMimeType    string
-	issPath             string
 	subPath             string
 	emailPath           string
 	displayNamePath     string
@@ -79,7 +78,7 @@ func (p *oauth2IdentityProvider) ProcessCallback(ctx context.Context, callbackUR
 			desc = error
 		}
 		switch error {
-		case "unauthorized_client", "access_denied":
+		case "unauthorized_client", "access_denied": // nolint:misspell
 			return nil, jsonerror.Forbidden("SSO said no: " + desc)
 		default:
 			return nil, fmt.Errorf("SSO failed: %v", error)
@@ -135,7 +134,7 @@ func (p *oauth2IdentityProvider) getAccessToken(ctx context.Context, callbackURL
 	if err != nil {
 		return "", err
 	}
-	defer hresp.Body.Close()
+	defer hresp.Body.Close() // nolint:errcheck
 
 	var resp oauth2TokenResponse
 	if err := json.NewDecoder(hresp.Body).Decode(&resp); err != nil {
@@ -178,7 +177,7 @@ func (p *oauth2IdentityProvider) getUserInfo(ctx context.Context, accessToken st
 	if err != nil {
 		return "", "", "", err
 	}
-	defer hresp.Body.Close()
+	defer hresp.Body.Close() // nolint:errcheck
 
 	body, err := ioutil.ReadAll(hresp.Body)
 	if err != nil {
diff --git a/clientapi/auth/sso/oidc.go b/clientapi/auth/sso/oidc.go
index 660816d9d..d8ff07faa 100644
--- a/clientapi/auth/sso/oidc.go
+++ b/clientapi/auth/sso/oidc.go
@@ -136,7 +136,7 @@ func oidcDiscover(ctx context.Context, url string) (*oidcDiscovery, error) {
 	if err != nil {
 		return nil, err
 	}
-	defer hresp.Body.Close()
+	defer hresp.Body.Close() // nolint:errcheck
 
 	var disc oidcDiscovery
 	if err := json.NewDecoder(hresp.Body).Decode(&disc); err != nil {
diff --git a/clientapi/routing/sso.go b/clientapi/routing/sso.go
index 55df5c49b..ad977a9d7 100644
--- a/clientapi/routing/sso.go
+++ b/clientapi/routing/sso.go
@@ -193,7 +193,7 @@ func SSOCallback(
 		return util.RedirectResponse(result.RedirectURL)
 	}
 
-	localpart, err := verifySSOUserIdentifier(ctx, userAPI, result.Identifier, serverName)
+	localpart, err := verifySSOUserIdentifier(ctx, userAPI, result.Identifier)
 	if err != nil {
 		util.GetLogger(ctx).WithError(err).WithField("ssoIdentifier", result.Identifier).Error("failed to find user")
 		return util.JSONResponse{
@@ -278,7 +278,7 @@ func parseNonce(s string) (redirectURL *url.URL, _ error) {
 // verifySSOUserIdentifier resolves an sso.UserIdentifier to a local
 // part using the User API. Returns empty if there is no associated
 // user.
-func verifySSOUserIdentifier(ctx context.Context, userAPI userAPIForSSO, id *sso.UserIdentifier, serverName gomatrixserverlib.ServerName) (localpart string, _ error) {
+func verifySSOUserIdentifier(ctx context.Context, userAPI userAPIForSSO, id *sso.UserIdentifier) (localpart string, _ error) {
 	req := &uapi.QueryLocalpartForSSORequest{
 		Namespace: id.Namespace,
 		Issuer:    id.Issuer,
diff --git a/setup/config/config_clientapi.go b/setup/config/config_clientapi.go
index 342ad2945..868732361 100644
--- a/setup/config/config_clientapi.go
+++ b/setup/config/config_clientapi.go
@@ -190,11 +190,11 @@ type IdentityProvider struct {
 func (idp *IdentityProvider) Verify(configErrs *ConfigErrors) {
 	checkNotEmpty(configErrs, "client_api.sso.providers.id", idp.ID)
 	if !checkIdentityProviderBrand(SSOBrand(idp.ID)) {
-		configErrs.Add(fmt.Sprintf("unrecognized ID config key %q: %s", "client_api.sso.providers", idp.ID))
+		configErrs.Add(fmt.Sprintf("unrecognised ID config key %q: %s", "client_api.sso.providers", idp.ID))
 	}
 	checkNotEmpty(configErrs, "client_api.sso.providers.name", idp.Name)
 	if idp.Brand != "" && !checkIdentityProviderBrand(idp.Brand) {
-		configErrs.Add(fmt.Sprintf("unrecognized brand in identity provider %q for config key %q: %s", idp.ID, "client_api.sso.providers", idp.Brand))
+		configErrs.Add(fmt.Sprintf("unrecognised brand in identity provider %q for config key %q: %s", idp.ID, "client_api.sso.providers", idp.Brand))
 	}
 	if idp.Icon != "" {
 		checkURL(configErrs, "client_api.sso.providers.icon", idp.Icon)
@@ -215,7 +215,7 @@ func (idp *IdentityProvider) Verify(configErrs *ConfigErrors) {
 		checkNotEmpty(configErrs, "client_api.sso.providers.oidc.client_secret", idp.OIDC.ClientSecret)
 
 	default:
-		configErrs.Add(fmt.Sprintf("unrecognized type in identity provider %q for config key %q: %s", idp.ID, "client_api.sso.providers", typ))
+		configErrs.Add(fmt.Sprintf("unrecognised type in identity provider %q for config key %q: %s", idp.ID, "client_api.sso.providers", typ))
 	}
 }