diff --git a/cmd/app/main.go b/cmd/app/main.go index 7c8662d..ea29028 100644 --- a/cmd/app/main.go +++ b/cmd/app/main.go @@ -1,5 +1,5 @@ /* -Copyright CAcert Inc +Copyright CAcert Inc. SPDX-License-Identifier: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); @@ -28,11 +28,12 @@ import ( "os" "time" - "code.cacert.org/cacert/oidc-demo-app/ui" "github.com/knadh/koanf" "github.com/knadh/koanf/parsers/toml" "github.com/knadh/koanf/providers/confmap" + "code.cacert.org/cacert/oidc-demo-app/ui" + "code.cacert.org/cacert/oidc-demo-app/internal/handlers" "code.cacert.org/cacert/oidc-demo-app/internal/services" ) @@ -83,7 +84,7 @@ func (f *StaticFileInfoWrapper) ModTime() time.Time { return f.fixedModTime } -func main() { +func main() { //nolint:cyclop var ( logLevel = new(slog.LevelVar) logHandler slog.Handler @@ -100,10 +101,6 @@ func main() { os.Exit(1) } - oidcServer := config.MustString("oidc.server") - oidcClientID := config.MustString("oidc.client-id") - oidcClientSecret := config.MustString("oidc.client-secret") - if level := config.Bytes("log.level"); level != nil { if err := logLevel.UnmarshalText(level); err != nil { logger.Error("could not parse log level", "error", err) @@ -121,6 +118,10 @@ func main() { logLogger := slog.NewLogLogger(logger.Handler(), logLevel.Level()) + oidcServer := config.MustString("oidc.server") + oidcClientID := config.MustString("oidc.client-id") + oidcClientSecret := config.MustString("oidc.client-secret") + logger.Info( "Starting CAcert OpenID Connect demo application", "version", version, "commit", commit, "date", date, 
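Review bot: The `//nolint:cyclop` added to `func main()` switches the complexity check off without recording a reason, so the function can keep growing unnoticed. Either give the directive an explanation, `func main() { //nolint:cyclop // sequential startup wiring`, or move the config loading and logger setup into helpers so the suppression is not needed. main's body continues outside this hunk.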
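Review bot: The three `config.MustString(...)` calls re-added after the logger setup still panic when a key is unset or empty, so a missing `oidc.client-secret` ends startup with a stack trace instead of a structured log line like the other failures in main. Reading the values with `config.String("oidc.client-secret")` and logging only the key name before `os.Exit(1)` would keep the failure path uniform. The `logger.Info(` call that follows shows only version, commit and date in this hunk; it continues outside it, so it is worth confirming that the client secret is not among its remaining arguments.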
@@ -152,9 +153,13 @@ func main() {
 }
 sessionPath, sessionAuthKey, sessionEncKey, err := configureSessionParameters(logger, config)
- if err := services.InitSessionStore(logger, sessionPath, sessionAuthKey, sessionEncKey); err != nil {
- logger.Error("could not initialize session store", "error", err)
+ if err != nil {
+ logger.Error("error configuring session parameters", "error", err)
+ os.Exit(1)
+ }
+ if err := services.InitSessionStore(sessionPath, sessionAuthKey, sessionEncKey); err != nil {
+ logger.Error("could not initialize session store", "error", err)
 os.Exit(1)
 }
@@ -165,7 +170,6 @@ func main() {
 tokenInfoService, err := services.InitTokenInfoService(logger, oidcInfo)
 if err != nil {
 logger.Error("could not initialize token info service", "error", err)
-
 os.Exit(1)
 }
diff --git a/internal/handlers/protected.go b/internal/handlers/protected.go
index 477f740..258ffa4 100644
--- a/internal/handlers/protected.go
+++ b/internal/handlers/protected.go
@@ -24,9 +24,10 @@ import (
 "net/http"
 "net/url"
+ "github.com/nicksnyder/go-i18n/v2/i18n"
+
 "code.cacert.org/cacert/oidc-demo-app/internal/services"
 "code.cacert.org/cacert/oidc-demo-app/ui"
- "github.com/nicksnyder/go-i18n/v2/i18n"
 )
 type ProtectedResource struct {
diff --git a/internal/handlers/startup.go b/internal/handlers/startup.go
index ad89c25..cb2efdf 100644
--- a/internal/handlers/startup.go
+++ b/internal/handlers/startup.go
@@ -31,7 +31,9 @@ import (
 "github.com/knadh/koanf"
 )
-func StartApplication(ctx context.Context, logger *slog.Logger, server *http.Server, publicURL string, config *koanf.Koanf) error {
+func StartApplication(
+ ctx context.Context, logger *slog.Logger, server *http.Server, publicURL string, config *koanf.Koanf,
+) error {
 done := make(chan bool)
 quit := make(chan os.Signal, 1)
 signal.Notify(quit, os.Interrupt)
diff --git a/internal/services/oidc.go b/internal/services/oidc.go
index 40e5303..9eb8dc9 100644
--- a/internal/services/oidc.go
+++ b/internal/services/oidc.go
@@ -66,10 +66,10 @@ func DiscoverOIDC(logger *slog.Logger, params *OidcParams) (*OIDCInformation, er
 )
 return nil, fmt.Errorf("could not parse parameter value: %w", err)
- } else {
- discoveryURL.Path = "/.well-known/openid-configuration"
 }
+ discoveryURL.Path = "/.well-known/openid-configuration"
+
 var (
 body []byte
 req *http.Request
diff --git a/internal/services/security.go b/internal/services/security.go
index e97d8fd..0217359 100644
--- a/internal/services/security.go
+++ b/internal/services/security.go
@@ -27,7 +27,7 @@ func GenerateKey(length int) ([]byte, error) {
 read, err := rand.Read(key)
 if err != nil {
- return nil, fmt.Errorf("could not generate key", err)
+ return nil, fmt.Errorf("could not generate key: %w", err)
 }
 if read != length {
diff --git a/internal/services/session.go b/internal/services/session.go
index 41d25d2..bf5221d 100644
--- a/internal/services/session.go
+++ b/internal/services/session.go
@@ -19,7 +19,6 @@ package services
 import (
 "fmt"
- "log/slog"
 "os"
 "github.com/gorilla/sessions"
@@ -34,7 +33,7 @@ const (
 SessionRedirectTarget
 )
-func InitSessionStore(logger *slog.Logger, sessionPath string, keys ...[]byte) error {
+func InitSessionStore(sessionPath string, keys ...[]byte) error {
 store = sessions.NewFilesystemStore(sessionPath, keys...)
 if _, err := os.Stat(sessionPath); err != nil {
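Review bot: Assigning `discoveryURL.Path = "/.well-known/openid-configuration"` replaces whatever path the configured server URL had, so an issuer such as `https://idp.example/realms/demo` (constructed example) is queried at the host root instead of below its issuer path, which is where OpenID Connect Discovery places the document. Assuming discoveryURL is a `*url.URL`, `discoveryURL = discoveryURL.JoinPath(".well-known", "openid-configuration")` keeps the issuer path. The hunk also shows no check of the URL scheme; unless one exists outside it, rejecting anything other than `https` at this point matters, because the discovery document decides which authorization, token and key endpoints the client goes on to trust. DiscoverOIDC starts and ends outside the hunk.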
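Review bot: The `read != length` test that follows the corrected error return cannot fire if `rand` is crypto/rand and `key` was allocated with `length` bytes, because that Read returns `n == len(b)` exactly when `err == nil`. The import is outside this hunk, so it is worth confirming and recording next to the call, for example `// rand is crypto/rand: Read fills key completely or returns an error`. If it turned out to be math/rand, the output would not be suitable as session key material. GenerateKey's body starts and ends outside the hunk.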
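Review bot: `store` is assigned from `sessions.NewFilesystemStore(sessionPath, keys...)` before `os.Stat(sessionPath)` is checked, so if the path check leads to an error return further down, the package-level store already points at an unusable directory; building the store only after the path has been accepted avoids that. The variadic `keys` are also passed through unchecked: with no keys, or an encryption key that is not 16, 24 or 32 bytes long, the gorilla codec reports the problem only when a session is first saved, so a guard such as `if len(keys) == 0 { return fmt.Errorf("no session keys configured") }` would surface it at startup. The function body continues outside the hunk, and the caller may already validate the keys.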