diff --git a/pkg/authenticator/password/basicauthpassword/basicauthpassword.go b/pkg/authenticator/password/basicauthpassword/basicauthpassword.go
index 8398f7b56..c086d6001 100644
--- a/pkg/authenticator/password/basicauthpassword/basicauthpassword.go
+++ b/pkg/authenticator/password/basicauthpassword/basicauthpassword.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 
@@ -103,7 +103,7 @@ func (a *Authenticator) AuthenticatePassword(ctx context.Context, username, pass
 		return nil, false, nil
 	}
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, false, err
 	}
diff --git a/pkg/authenticator/password/keystonepassword/keystonepassword_test.go b/pkg/authenticator/password/keystonepassword/keystonepassword_test.go
index b23e28936..c8331182b 100644
--- a/pkg/authenticator/password/keystonepassword/keystonepassword_test.go
+++ b/pkg/authenticator/password/keystonepassword/keystonepassword_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"testing"
 
@@ -59,7 +59,7 @@ func TestKeystoneLogin(t *testing.T) {
 			}
 		}
 		var x AuthRequest
-		body, _ := ioutil.ReadAll(r.Body)
+		body, _ := io.ReadAll(r.Body)
 		th.AssertNoErr(t, json.Unmarshal(body, &x))
 		domainName := x.Auth.Identity.Password.User.Domain.Name
 		userName := x.Auth.Identity.Password.User.Name
diff --git a/pkg/cmd/oauth-server/cmd.go b/pkg/cmd/oauth-server/cmd.go
index 8b4efce45..4e0c937fa 100644
--- a/pkg/cmd/oauth-server/cmd.go
+++ b/pkg/cmd/oauth-server/cmd.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 
 	"github.com/spf13/cobra"
@@ -86,7 +85,7 @@ func (o *OsinServerOptions) Validate() error {
 }
 
 func (o *OsinServerOptions) RunOsinServer(stopCh <-chan struct{}) error {
-	configContent, err := ioutil.ReadFile(o.ConfigFile)
+	configContent, err := os.ReadFile(o.ConfigFile)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/config/stringsource.go b/pkg/config/stringsource.go
index b575e5535..45574fe09 100644
--- a/pkg/config/stringsource.go
+++ b/pkg/config/stringsource.go
@@ -4,7 +4,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"os"
 
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -31,7 +30,7 @@ func ResolveStringValue(s configv1.StringSource) (string, error) {
 	case len(s.Env) > 0:
 		value = os.Getenv(s.Env)
 	case len(s.File) > 0:
-		data, err := ioutil.ReadFile(s.File)
+		data, err := os.ReadFile(s.File)
 		if err != nil {
 			return "", err
 		}
@@ -45,7 +44,7 @@ func ResolveStringValue(s configv1.StringSource) (string, error) {
 		return value, nil
 	}
 
-	keyData, err := ioutil.ReadFile(s.KeyFile)
+	keyData, err := os.ReadFile(s.KeyFile)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/oauth/external/gitlab/gitlab_oauth.go b/pkg/oauth/external/gitlab/gitlab_oauth.go
index 6d70e5f17..5da5784f8 100644
--- a/pkg/oauth/external/gitlab/gitlab_oauth.go
+++ b/pkg/oauth/external/gitlab/gitlab_oauth.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 
@@ -95,7 +95,7 @@ func (p *provider) GetUserIdentity(data *osincli.AccessData) (authapi.UserIdenti
 	}
 	defer res.Body.Close()
 
-	body, err := ioutil.ReadAll(res.Body)
+	body, err := io.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/oauth/external/openid/openid.go b/pkg/oauth/external/openid/openid.go
index 587f9d26f..feafe5748 100644
--- a/pkg/oauth/external/openid/openid.go
+++ b/pkg/oauth/external/openid/openid.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -273,7 +273,7 @@ func fetchUserInfo(url, accessToken string, transport http.RoundTripper) (map[st
 
 	// The UserInfo Claims MUST be returned as the members of a JSON object
 	// http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
-	data, err := ioutil.ReadAll(resp.Body)
+	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/oauthserver/auth.go b/pkg/oauthserver/auth.go
index 7f1f7425c..26f7b6ed1 100644
--- a/pkg/oauthserver/auth.go
+++ b/pkg/oauthserver/auth.go
@@ -6,9 +6,9 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/url"
+	"os"
 	"path"
 	"strings"
 
@@ -685,7 +685,7 @@ func (c *OAuthServerConfig) getAuthenticationRequestHandler() (authenticator.Req
 
 				// Wrap with an x509 verifier
 				if len(provider.ClientCA) > 0 {
-					caData, err := ioutil.ReadFile(provider.ClientCA)
+					caData, err := os.ReadFile(provider.ClientCA)
 					if err != nil {
 						return nil, fmt.Errorf("Error reading %s: %v", provider.ClientCA, err)
 					}
diff --git a/pkg/oauthserver/oauth_apiserver.go b/pkg/oauthserver/oauth_apiserver.go
index 522fff451..2022c5d1b 100644
--- a/pkg/oauthserver/oauth_apiserver.go
+++ b/pkg/oauthserver/oauth_apiserver.go
@@ -5,9 +5,9 @@ import (
 	"crypto/sha256"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/url"
+	"os"
 	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -200,7 +200,7 @@ func getSessionSecrets(filename string) ([][]byte, error) {
 	var secrets [][]byte
 
 	if len(filename) != 0 {
-		data, err := ioutil.ReadFile(filename)
+		data, err := os.ReadFile(filename)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/oauthserver/oauth_apiserver_test.go b/pkg/oauthserver/oauth_apiserver_test.go
index 4a5219398..b14708c33 100644
--- a/pkg/oauthserver/oauth_apiserver_test.go
+++ b/pkg/oauthserver/oauth_apiserver_test.go
@@ -1,7 +1,6 @@
 package oauthserver
 
 import (
-	"io/ioutil"
 	"os"
 	"reflect"
 	"testing"
@@ -28,13 +27,13 @@ func TestGetMissingSessionSecretsFile(t *testing.T) {
 }
 
 func TestGetInvalidSessionSecretsFile(t *testing.T) {
-	tmpfile, err := ioutil.TempFile("", "invalid.yaml")
+	tmpfile, err := os.CreateTemp("", "invalid.yaml")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	defer os.Remove(tmpfile.Name())
 
-	if err := ioutil.WriteFile(tmpfile.Name(), []byte("invalid content"), os.FileMode(0600)); err != nil {
+	if err := os.WriteFile(tmpfile.Name(), []byte("invalid content"), os.FileMode(0600)); err != nil {
 		t.Fatal(err)
 	}
 
@@ -45,7 +44,7 @@ func TestGetInvalidSessionSecretsFile(t *testing.T) {
 }
 
 func TestGetEmptySessionSecretsFile(t *testing.T) {
-	tmpfile, err := ioutil.TempFile("", "empty.yaml")
+	tmpfile, err := os.CreateTemp("", "empty.yaml")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -59,7 +58,7 @@ func TestGetEmptySessionSecretsFile(t *testing.T) {
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
-	if err := ioutil.WriteFile(tmpfile.Name(), []byte(yaml), os.FileMode(0600)); err != nil {
+	if err := os.WriteFile(tmpfile.Name(), []byte(yaml), os.FileMode(0600)); err != nil {
 		t.Fatal(err)
 	}
 
@@ -70,7 +69,7 @@ func TestGetEmptySessionSecretsFile(t *testing.T) {
 }
 
 func TestGetValidSessionSecretsFile(t *testing.T) {
-	tmpfile, err := ioutil.TempFile("", "valid.yaml")
+	tmpfile, err := os.CreateTemp("", "valid.yaml")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -88,7 +87,7 @@ func TestGetValidSessionSecretsFile(t *testing.T) {
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
-	if err := ioutil.WriteFile(tmpfile.Name(), []byte(yaml), os.FileMode(0600)); err != nil {
+	if err := os.WriteFile(tmpfile.Name(), []byte(yaml), os.FileMode(0600)); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/pkg/server/grant/grant_test.go b/pkg/server/grant/grant_test.go
index 9f763ecc7..d88821ca9 100644
--- a/pkg/server/grant/grant_test.go
+++ b/pkg/server/grant/grant_test.go
@@ -2,7 +2,7 @@ package grant
 
 import (
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -467,7 +467,7 @@ func TestGrant(t *testing.T) {
 		}
 
 		if len(testCase.ExpectContains) > 0 {
-			data, _ := ioutil.ReadAll(resp.Body)
+			data, _ := io.ReadAll(resp.Body)
 			body := string(data)
 			for i := range testCase.ExpectContains {
 				if !strings.Contains(body, testCase.ExpectContains[i]) {
diff --git a/pkg/server/login/login_test.go b/pkg/server/login/login_test.go
index 3091efa66..c3b131ddb 100644
--- a/pkg/server/login/login_test.go
+++ b/pkg/server/login/login_test.go
@@ -3,7 +3,7 @@ package login
 import (
 	"context"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -246,7 +246,7 @@ func TestLogin(t *testing.T) {
 		}
 
 		if len(testCase.ExpectContains) > 0 {
-			data, _ := ioutil.ReadAll(resp.Body)
+			data, _ := io.ReadAll(resp.Body)
 			body := string(data)
 			for i := range testCase.ExpectContains {
 				if !strings.Contains(body, testCase.ExpectContains[i]) {
diff --git a/pkg/server/selectprovider/selectprovider_test.go b/pkg/server/selectprovider/selectprovider_test.go
index db2aa77d5..cae37729e 100644
--- a/pkg/server/selectprovider/selectprovider_test.go
+++ b/pkg/server/selectprovider/selectprovider_test.go
@@ -1,7 +1,7 @@
 package selectprovider
 
 import (
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -96,7 +96,7 @@ func TestSelectAuthentication(t *testing.T) {
 		}
 
 		if len(testCase.ExpectContains) > 0 {
-			data, _ := ioutil.ReadAll(resp.Body)
+			data, _ := io.ReadAll(resp.Body)
 			body := string(data)
 			for i := range testCase.ExpectContains {
 				if !strings.Contains(body, testCase.ExpectContains[i]) {