diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 6c708c4e..08d9fdb0 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -15,7 +16,6 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/ghodss/yaml"
 	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 
diff --git a/cmd/example-app/main.go b/cmd/example-app/main.go
index 3ec34e38..4da34b9a 100644
--- a/cmd/example-app/main.go
+++ b/cmd/example-app/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
@@ -19,7 +20,6 @@ import (
 
 	"github.com/coreos/go-oidc"
 	"github.com/spf13/cobra"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
@@ -175,7 +175,7 @@ func cmd() *cobra.Command {
 			}
 
 			a.provider = provider
-			a.verifier = provider.Verifier(oidc.VerifyAudience(a.clientID))
+			a.verifier = provider.Verifier(&oidc.Config{ClientID: a.clientID})
 
 			http.HandleFunc("/", a.handleIndex)
 			http.HandleFunc("/login", a.handleLogin)
diff --git a/connector/connector.go b/connector/connector.go
index c92d7589..fde38a24 100644
--- a/connector/connector.go
+++ b/connector/connector.go
@@ -2,9 +2,8 @@
 package connector
 
 import (
+	"context"
 	"net/http"
-
-	"golang.org/x/net/context"
 )
 
 // Connector is a mechanism for federating login to a remote identity service.
diff --git a/connector/github/github.go b/connector/github/github.go
index f6dbdfee..49dc3bb3 100644
--- a/connector/github/github.go
+++ b/connector/github/github.go
@@ -2,6 +2,7 @@
 package github
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -10,7 +11,6 @@ import (
 	"regexp"
 	"strconv"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/github"
 
diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go
index 0fcc3d26..b0f10cf1 100644
--- a/connector/gitlab/gitlab.go
+++ b/connector/gitlab/gitlab.go
@@ -2,6 +2,7 @@
 package gitlab
 
 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -12,7 +13,6 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/dex/connector"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index c5e45d37..df3d4c9d 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -2,6 +2,7 @@
 package ldap
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
@@ -9,7 +10,6 @@ import (
 	"io/ioutil"
 	"net"
 
-	"golang.org/x/net/context"
 	"gopkg.in/ldap.v2"
 
 	"github.com/Sirupsen/logrus"
diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go
index b754705b..ef7749f7 100644
--- a/connector/mock/connectortest.go
+++ b/connector/mock/connectortest.go
@@ -2,13 +2,12 @@
 package mock
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
 
-	"golang.org/x/net/context"
-
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/dex/connector"
 )
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 6a8b6f98..728bdf6a 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -2,13 +2,13 @@
 package oidc
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-oidc"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 
 	"github.com/coreos/dex/connector"
@@ -53,10 +53,10 @@ func (c *Config) Open(logger logrus.FieldLogger) (conn connector.Connector, err
 			RedirectURL:  c.RedirectURI,
 		},
 		verifier: provider.Verifier(
-			oidc.VerifyExpiry(),
-			oidc.VerifyAudience(clientID),
+			&oidc.Config{ClientID: clientID},
 		),
 		logger: logger,
+		cancel: cancel,
 	}, nil
 }
 
diff --git a/glide.yaml b/glide.yaml
index c6d1991f..07337a1d 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -35,7 +35,6 @@ import:
   version: 6a513affb38dc9788b449d59ffed099b8de18fa0
   subpackages:
   - context
-  - context/ctxhttp
   - http2
   - http2/hpack
   - internal/timeseries
@@ -68,7 +67,7 @@ import:
 
 # Used for server integration tests and OpenID Connect connector.
 - package: github.com/coreos/go-oidc
-  version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
+  version: be73733bb8cc830d0205609b95d125215f8e9c70
 - package: github.com/pquerna/cachecontrol
   version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
 - package: golang.org/x/oauth2
diff --git a/server/api.go b/server/api.go
index 25655d68..0e7c5b2f 100644
--- a/server/api.go
+++ b/server/api.go
@@ -5,6 +5,9 @@ import (
 	"fmt"
 
 	"golang.org/x/crypto/bcrypt"
+
+	// go-grpc doesn't use the standard library's context.
+	// https://github.com/grpc/grpc-go/issues/711
 	"golang.org/x/net/context"
 
 	"github.com/Sirupsen/logrus"
diff --git a/server/handlers_test.go b/server/handlers_test.go
index 233af279..4c410b8e 100644
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -1,11 +1,10 @@
 package server
 
 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"testing"
-
-	"golang.org/x/net/context"
 )
 
 func TestHandleHealth(t *testing.T) {
diff --git a/server/rotation.go b/server/rotation.go
index fb790c62..5619b3a7 100644
--- a/server/rotation.go
+++ b/server/rotation.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/hex"
@@ -9,7 +10,6 @@ import (
 	"io"
 	"time"
 
-	"golang.org/x/net/context"
 	"gopkg.in/square/go-jose.v2"
 
 	"github.com/Sirupsen/logrus"
diff --git a/server/server.go b/server/server.go
index 012802f2..68fe0915 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
@@ -10,7 +11,6 @@ import (
 	"time"
 
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"
 
 	"github.com/Sirupsen/logrus"
 	"github.com/gorilla/handlers"
diff --git a/server/server_test.go b/server/server_test.go
index 688c606e..2fd0229b 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"context"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/json"
@@ -24,7 +25,6 @@ import (
 	oidc "github.com/coreos/go-oidc"
 	"github.com/kylelemons/godebug/pretty"
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	jose "gopkg.in/square/go-jose.v2"
 
@@ -175,6 +175,8 @@ func TestOAuth2CodeFlow(t *testing.T) {
 	// Connector used by the tests.
 	var conn *mock.Callback
 
+	oidcConfig := &oidc.Config{SkipClientIDCheck: true}
+
 	tests := []struct {
 		name string
 		// If specified these set of scopes will be used during the test case.
@@ -189,7 +191,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				if _, err := p.Verifier().Verify(ctx, idToken); err != nil {
+				if _, err := p.Verifier(oidcConfig).Verify(ctx, idToken); err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
 				return nil
@@ -212,7 +214,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -229,7 +231,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -391,7 +393,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id_token in refreshed token")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -632,7 +634,10 @@ func TestOAuth2ImplicitFlow(t *testing.T) {
 
 	src := &nonceSource{nonce: nonce}
 
-	idTokenVerifier := p.Verifier(oidc.VerifyAudience(client.ID), oidc.VerifyNonce(src))
+	idTokenVerifier := p.Verifier(&oidc.Config{
+		ClientID:   client.ID,
+		ClaimNonce: src.ClaimNonce,
+	})
 
 	oauth2Config = &oauth2.Config{
 		ClientID:     client.ID,
@@ -749,7 +754,7 @@ func TestCrossClientScopes(t *testing.T) {
 					t.Errorf("no id token found: %v", err)
 					return
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(&oidc.Config{ClientID: testClientID}).Verify(ctx, rawIDToken)
 				if err != nil {
 					t.Errorf("failed to parse ID Token: %v", err)
 					return
diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go
index 1f562165..f61c37db 100644
--- a/storage/kubernetes/client.go
+++ b/storage/kubernetes/client.go
@@ -2,6 +2,7 @@ package kubernetes
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/base32"
@@ -24,7 +25,6 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/ghodss/yaml"
 	"github.com/gtank/cryptopasta"
-	"golang.org/x/net/context"
 	"golang.org/x/net/http2"
 
 	"github.com/coreos/dex/storage"
diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go
index 788d08b1..5b8721f3 100644
--- a/storage/kubernetes/storage.go
+++ b/storage/kubernetes/storage.go
@@ -1,13 +1,12 @@
 package kubernetes
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/dex/storage"
 	"github.com/coreos/dex/storage/kubernetes/k8sapi"
@@ -85,6 +84,7 @@ func (c *Config) open(logger logrus.FieldLogger, errOnTPRs bool) (*client, error
 
 	if !cli.createThirdPartyResources() {
 		if errOnTPRs {
+			cancel()
 			return nil, fmt.Errorf("failed creating third party resources")
 		}