diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6dfbbf8f..5bee99218 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,7 +38,7 @@
 
 ### Bug Fixes
 
-* explicit permisions on actions ([#1978](https://github.com/supabase/auth/issues/1978)) ([06e9ead](https://github.com/supabase/auth/commit/06e9ead3e09e77631597a953a535cb93dd006c7f))
+* explicit permissions on actions ([#1978](https://github.com/supabase/auth/issues/1978)) ([06e9ead](https://github.com/supabase/auth/commit/06e9ead3e09e77631597a953a535cb93dd006c7f))
 * propagate error when when confirming phone ([#1939](https://github.com/supabase/auth/issues/1939)) ([e882b42](https://github.com/supabase/auth/commit/e882b42f3929ab2e587a41ba6593edaf237e5535))
 * redirects must not be to ip addresses ([#1984](https://github.com/supabase/auth/issues/1984)) ([347e23a](https://github.com/supabase/auth/commit/347e23a98c2ee362620d2711d12a76d7bc266a8f))
 * sanitize redirect URL (remove fragment, query) before pattern matching ([#1974](https://github.com/supabase/auth/issues/1974)) ([ccf20d7](https://github.com/supabase/auth/commit/ccf20d724f31871b71292e0ea867c48e2cdfdbcb))
@@ -308,7 +308,7 @@
 ### Bug Fixes
 
 * maintain backward compatibility for asymmetric JWTs ([#1690](https://github.com/supabase/auth/issues/1690)) ([0ad1402](https://github.com/supabase/auth/commit/0ad1402444348e47e1e42be186b3f052d31be824))
-* MFA NewFactor to default to creating unverfied factors ([#1692](https://github.com/supabase/auth/issues/1692)) ([3d448fa](https://github.com/supabase/auth/commit/3d448fa73cb77eb8511dbc47bfafecce4a4a2150))
+* MFA NewFactor to default to creating unverified factors ([#1692](https://github.com/supabase/auth/issues/1692)) ([3d448fa](https://github.com/supabase/auth/commit/3d448fa73cb77eb8511dbc47bfafecce4a4a2150))
 * minor spelling errors ([#1688](https://github.com/supabase/auth/issues/1688)) ([6aca52b](https://github.com/supabase/auth/commit/6aca52b56f8a6254de7709c767b9a5649f1da248)), closes [#1682](https://github.com/supabase/auth/issues/1682)
 * treat `GOTRUE_MFA_ENABLED` as meaning TOTP enabled on enroll and verify ([#1694](https://github.com/supabase/auth/issues/1694)) ([8015251](https://github.com/supabase/auth/commit/8015251400bd52cbdad3ea28afb83b1cdfe816dd))
 * update mfa phone migration to be idempotent ([#1687](https://github.com/supabase/auth/issues/1687)) ([fdff1e7](https://github.com/supabase/auth/commit/fdff1e703bccf93217636266f1862bd0a9205edb))
@@ -436,7 +436,7 @@
 
 * add SAML specific external URL config ([#1599](https://github.com/supabase/auth/issues/1599)) ([b352719](https://github.com/supabase/auth/commit/b3527190560381fafe9ba2fae4adc3b73703024a))
 * add support for verifying argon2i and argon2id passwords ([#1597](https://github.com/supabase/auth/issues/1597)) ([55409f7](https://github.com/supabase/auth/commit/55409f797bea55068a3fafdddd6cfdb78feba1b4))
-* make the email client explicity set the format to be HTML ([#1149](https://github.com/supabase/auth/issues/1149)) ([53e223a](https://github.com/supabase/auth/commit/53e223abdf29f4abcad13f99baf00daedcb00c3f))
+* make the email client explicitly set the format to be HTML ([#1149](https://github.com/supabase/auth/issues/1149)) ([53e223a](https://github.com/supabase/auth/commit/53e223abdf29f4abcad13f99baf00daedcb00c3f))
 
 
 ### Bug Fixes
@@ -505,7 +505,7 @@
 
 ### Features
 
-* refactor generate accesss token to take in request ([#1531](https://github.com/supabase/auth/issues/1531)) ([e4f2b59](https://github.com/supabase/auth/commit/e4f2b59e8e1f8158b6461a384349f1a32cc1bf9a))
+* refactor generate access token to take in request ([#1531](https://github.com/supabase/auth/issues/1531)) ([e4f2b59](https://github.com/supabase/auth/commit/e4f2b59e8e1f8158b6461a384349f1a32cc1bf9a))
 
 
 ### Bug Fixes
diff --git a/internal/api/mfa.go b/internal/api/mfa.go
index 8ce34e52d..3e5a32843 100644
--- a/internal/api/mfa.go
+++ b/internal/api/mfa.go
@@ -117,7 +117,7 @@ func (w *WebAuthnParams) ToConfig() (*webauthn.WebAuthn, error) {
 	}
 
 	wconfig := &webauthn.Config{
-		// DisplayName is optional in spec but required to be non-empty in libary, we use the RPID as a placeholder.
+		// DisplayName is optional in spec but required to be non-empty in library, we use the RPID as a placeholder.
 		RPDisplayName: w.RPID,
 		RPID:          w.RPID,
 		RPOrigins:     validOrigins,
diff --git a/internal/api/middleware.go b/internal/api/middleware.go
index c974c7f91..cd268d1b1 100644
--- a/internal/api/middleware.go
+++ b/internal/api/middleware.go
@@ -40,7 +40,7 @@ func (f *FunctionHooks) UnmarshalJSON(b []byte) error {
 		*f = FunctionHooks(raw)
 		return nil
 	}
-	// If unmarshaling into map[string][]string fails, try legacy format.
+	// If unmarshalling into map[string][]string fails, try legacy format.
 	var legacy map[string]string
 	err = json.Unmarshal(b, &legacy)
 	if err != nil {
diff --git a/internal/api/provider/notion.go b/internal/api/provider/notion.go
index f8d0ee706..16f177cab 100644
--- a/internal/api/provider/notion.go
+++ b/internal/api/provider/notion.go
@@ -101,7 +101,7 @@ func (g notionProvider) GetUserData(ctx context.Context, tok *oauth2.Token) (*Us
 	if u.Bot.Owner.User.Person.Email != "" {
 		data.Emails = []Email{{
 			Email:    u.Bot.Owner.User.Person.Email,
-			Verified: true, // Notion dosen't provide data on if email is verified.
+			Verified: true, // Notion doesn't provide data on if email is verified.
 			Primary:  true,
 		}}
 	}
diff --git a/internal/api/provider/spotify.go b/internal/api/provider/spotify.go
index e6d2f383c..d1f45da27 100644
--- a/internal/api/provider/spotify.go
+++ b/internal/api/provider/spotify.go
@@ -77,7 +77,7 @@ func (g spotifyProvider) GetUserData(ctx context.Context, tok *oauth2.Token) (*U
 	if u.Email != "" {
 		data.Emails = []Email{{
 			Email: u.Email,
-			// Spotify dosen't provide data on whether the user's email is verified.
+			// Spotify doesn't provide data on whether the user's email is verified.
 			// https://developer.spotify.com/documentation/web-api/reference/get-current-users-profile
 			Verified: false,
 			Primary:  true,
diff --git a/internal/api/provider/twitch.go b/internal/api/provider/twitch.go
index defb1983a..d709bb1f8 100644
--- a/internal/api/provider/twitch.go
+++ b/internal/api/provider/twitch.go
@@ -82,7 +82,7 @@ func (t twitchProvider) GetOAuthToken(code string) (*oauth2.Token, error) {
 func (t twitchProvider) GetUserData(ctx context.Context, tok *oauth2.Token) (*UserProvidedData, error) {
 	var u twitchUsers
 
-	// Perform http request, because we neeed to set the Client-Id header
+	// Perform http request, because we need to set the Client-Id header
 	req, err := http.NewRequest("GET", t.APIHost+"/helix/users", nil)
 
 	if err != nil {
diff --git a/internal/api/samlacs.go b/internal/api/samlacs.go
index 3f64fc235..fb8d3d9c3 100644
--- a/internal/api/samlacs.go
+++ b/internal/api/samlacs.go
@@ -48,7 +48,7 @@ func (a *API) SamlAcs(w http.ResponseWriter, r *http.Request) error {
 	if err := a.handleSamlAcs(w, r); err != nil {
 		u, uerr := url.Parse(a.config.SiteURL)
 		if uerr != nil {
-			return apierrors.NewInternalServerError("site url is improperly formattted").WithInternalError(err)
+			return apierrors.NewInternalServerError("site url is improperly formatted").WithInternalError(err)
 		}
 
 		q := getErrorQueryString(err, utilities.GetRequestID(r.Context()), observability.GetLogEntry(r).Entry, u.Query())
diff --git a/internal/api/verify_test.go b/internal/api/verify_test.go
index e0dc5ed73..381b1d157 100644
--- a/internal/api/verify_test.go
+++ b/internal/api/verify_test.go
@@ -75,7 +75,7 @@ func (ts *VerifyTestSuite) TestVerifyPasswordRecovery() {
 		isPKCE bool
 	}{
 		{
-			desc: "Implict Flow Recovery",
+			desc: "Implicit Flow Recovery",
 			body: map[string]interface{}{
 				"email": testEmail,
 			},
@@ -156,7 +156,7 @@ func (ts *VerifyTestSuite) TestVerifySecureEmailChange() {
 		newEmail     string
 	}{
 		{
-			desc: "Implict Flow Email Change",
+			desc: "Implicit Flow Email Change",
 			body: map[string]interface{}{
 				"email": newEmail,
 			},
@@ -461,7 +461,7 @@ func (ts *VerifyTestSuite) TestExpiredRecoveryToken() {
 	assert.Equal(ts.T(), http.StatusSeeOther, w.Code, w.Body.String())
 }
 
-func (ts *VerifyTestSuite) TestVerifyPermitedCustomUri() {
+func (ts *VerifyTestSuite) TestVerifyPermittedCustomUri() {
 	// verify variant testing not necessary in this test as it's testing
 	// the redirect URL behavior, not the RecoveryToken behavior
 
@@ -507,7 +507,7 @@ func (ts *VerifyTestSuite) TestVerifyPermitedCustomUri() {
 	assert.True(ts.T(), u.IsConfirmed())
 }
 
-func (ts *VerifyTestSuite) TestVerifyNotPermitedCustomUri() {
+func (ts *VerifyTestSuite) TestVerifyNotPermittedCustomUri() {
 	// verify variant testing not necessary in this test as it's testing
 	// the redirect URL behavior, not the RecoveryToken behavior
 
@@ -1125,7 +1125,7 @@ func (ts *VerifyTestSuite) TestPrepRedirectURL() {
 			expected: fmt.Sprintf("https://example.com/?first=another&message=%s&second=other#message=%s", escapedMessage, escapedMessage),
 		},
 		{
-			desc:     "(PKCE): Query params in redirect url are overriden",
+			desc:     "(PKCE): Query params in redirect url are overridden",
 			message:  singleConfirmationAccepted,
 			rurl:     "https://example.com/?message=Valid+redirect+URL",
 			flowType: models.PKCEFlow,
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
index c9b7aff58..0166633c5 100644
--- a/internal/conf/configuration.go
+++ b/internal/conf/configuration.go
@@ -44,12 +44,12 @@ type Time struct {
 }
 
 func (t *Time) UnmarshalText(text []byte) error {
-	trimed := bytes.TrimSpace(text)
+	trimmed := bytes.TrimSpace(text)
 
-	if len(trimed) < 1 {
+	if len(trimmed) < 1 {
 		t.Time = time.Time{}
 	} else {
-		if err := t.Time.UnmarshalText(trimed); err != nil {
+		if err := t.Time.UnmarshalText(trimmed); err != nil {
 			return err
 		}
 	}
diff --git a/internal/crypto/password.go b/internal/crypto/password.go
index 7cf46073d..95a93e70f 100644
--- a/internal/crypto/password.go
+++ b/internal/crypto/password.go
@@ -38,7 +38,7 @@ const (
 	FirebaseScryptKeyLen = 32 // Firebase uses AES-256 which requires 32 byte keys: https://pkg.go.dev/golang.org/x/crypto/scrypt#Key
 )
 
-// PasswordHashCost is the current pasword hashing cost
+// PasswordHashCost is the current password hashing cost
 // for all new hashes generated with
 // GenerateHashFromPassword.
 var PasswordHashCost = DefaultHashCost
diff --git a/internal/hooks/v0hooks/manager_test.go b/internal/hooks/v0hooks/manager_test.go
index 0d27031c7..7c46e4e16 100644
--- a/internal/hooks/v0hooks/manager_test.go
+++ b/internal/hooks/v0hooks/manager_test.go
@@ -344,7 +344,7 @@ func TestHooks(t *testing.T) {
 
 		// fail - invalid input type
 		{
-			desc:   "fail - invalid intput type",
+			desc:   "fail - invalid input type",
 			req:    make(chan int),
 			res:    M{},
 			errStr: "500: Unknown hook type chan int.",
diff --git a/internal/hooks/v0hooks/v0http/v0http.go b/internal/hooks/v0hooks/v0http/v0http.go
index d076dc246..7c66db145 100644
--- a/internal/hooks/v0hooks/v0http/v0http.go
+++ b/internal/hooks/v0hooks/v0http/v0http.go
@@ -93,7 +93,7 @@ func (o *Dispatcher) Dispatch(
 	if data != nil {
 		if err := json.Unmarshal(data, res); err != nil {
 			return apierrors.NewInternalServerError(
-				"Error unmarshaling JSON output.").WithInternalError(err)
+				"Error unmarshalling JSON output.").WithInternalError(err)
 		}
 	}
 	return nil
diff --git a/internal/hooks/v0hooks/v0http/v0http_test.go b/internal/hooks/v0hooks/v0http/v0http_test.go
index 5960563a9..7ae10bf0d 100644
--- a/internal/hooks/v0hooks/v0http/v0http_test.go
+++ b/internal/hooks/v0hooks/v0http/v0http_test.go
@@ -163,7 +163,7 @@ func TestDispatch(t *testing.T) {
 		},
 
 		{
-			desc: "fail - limit reader exceeeded",
+			desc: "fail - limit reader exceeded",
 			dr: New(
 				WithResponseLimit(1),
 			),
@@ -178,7 +178,7 @@ func TestDispatch(t *testing.T) {
 		{
 			desc:   "fail - unmarshal error",
 			dr:     New(),
-			errStr: "500: Error unmarshaling JSON output.",
+			errStr: "500: Error unmarshalling JSON output.",
 			hr: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				w.Header().Add("Content-Type", "application/json")
 				w.WriteHeader(http.StatusOK)
diff --git a/internal/hooks/v0hooks/v0pgfunc/v0pgfunc.go b/internal/hooks/v0hooks/v0pgfunc/v0pgfunc.go
index c13f1d49b..6b26b68ae 100644
--- a/internal/hooks/v0hooks/v0pgfunc/v0pgfunc.go
+++ b/internal/hooks/v0hooks/v0pgfunc/v0pgfunc.go
@@ -59,7 +59,7 @@ func (o *Dispatcher) Dispatch(
 	if data != nil {
 		if err := json.Unmarshal(data, res); err != nil {
 			return apierrors.NewInternalServerError(
-				"Error unmarshaling JSON output.").WithInternalError(err)
+				"Error unmarshalling JSON output.").WithInternalError(err)
 		}
 	}
 	return nil
@@ -76,7 +76,7 @@ func (o *Dispatcher) RunPostgresHook(
 	request, err := json.Marshal(input)
 	if err != nil {
 		return nil, apierrors.NewInternalServerError(
-			"Error marshaling JSON input.").WithInternalError(err)
+			"Error marshalling JSON input.").WithInternalError(err)
 	}
 
 	var response []byte
diff --git a/internal/hooks/v0hooks/v0pgfunc/v0pgfunc_test.go b/internal/hooks/v0hooks/v0pgfunc/v0pgfunc_test.go
index 668e6a34a..b8c410b91 100644
--- a/internal/hooks/v0hooks/v0pgfunc/v0pgfunc_test.go
+++ b/internal/hooks/v0hooks/v0pgfunc/v0pgfunc_test.go
@@ -180,7 +180,7 @@ func TestDispatch(t *testing.T) {
 				begin
 					return input;
 				end; $$ language plpgsql;`,
-			errStr: "500: Error unmarshaling JSON output.",
+			errStr: "500: Error unmarshalling JSON output.",
 		},
 	}
 
diff --git a/internal/mailer/validate.go b/internal/mailer/validate.go
index 817d16894..ce248d372 100644
--- a/internal/mailer/validate.go
+++ b/internal/mailer/validate.go
@@ -299,7 +299,7 @@ func isHostNotFound(err error) bool {
 	// domain is not configured to receive email.
 	var dnsError *net.DNSError
 	if !errors.As(err, &dnsError) {
-		// We will be unable to determine with absolute certainy the email was
+		// We will be unable to determine with absolute certainty the email was
 		// invalid so we will err on the side of caution and return nil.
 		return false
 	}
diff --git a/internal/models/linking_test.go b/internal/models/linking_test.go
index 05d4a8c32..81f3820ee 100644
--- a/internal/models/linking_test.go
+++ b/internal/models/linking_test.go
@@ -161,7 +161,7 @@ func (ts *AccountLinkingTestSuite) TestLinkingScenarios() {
 		decision AccountLinkingResult
 	}{
 		{
-			// link decision because the below described identity is in the default linking domain but uses "other-provider" instead of "provder"
+			// link decision because the below described identity is in the default linking domain but uses "other-provider" instead of "provider"
 			desc: "same email address",
 			email: provider.Email{
 				Email:    "test@example.com",
diff --git a/internal/models/sessions.go b/internal/models/sessions.go
index b103fb61e..81fc11aa1 100644
--- a/internal/models/sessions.go
+++ b/internal/models/sessions.go
@@ -91,7 +91,7 @@ type Session struct {
 	ID     uuid.UUID `json:"-" db:"id"`
 	UserID uuid.UUID `json:"user_id" db:"user_id"`
 
-	// NotAfter is overriden by timeboxed sessions.
+	// NotAfter is overridden by timeboxed sessions.
 	NotAfter *time.Time `json:"not_after,omitempty" db:"not_after"`
 
 	CreatedAt time.Time  `json:"created_at" db:"created_at"`
@@ -216,7 +216,7 @@ func NewSession(userID uuid.UUID, factorID *uuid.UUID) (*Session, error) {
 // to true, then the SELECT statement used by the query has the form SELECT ...
 // FOR UPDATE SKIP LOCKED. This means that a FOR UPDATE lock will only be
 // acquired if there's no other lock. In case there is a lock, a
-// IsNotFound(err) error will be retured.
+// IsNotFound(err) error will be returned.
 func FindSessionByID(tx *storage.Connection, id uuid.UUID, forUpdate bool) (*Session, error) {
 	session := &Session{}
 
diff --git a/internal/models/user.go b/internal/models/user.go
index 69e76b336..1a69162c8 100644
--- a/internal/models/user.go
+++ b/internal/models/user.go
@@ -18,7 +18,7 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
-// User respresents a registered user with email/password authentication
+// User represents a registered user with email/password authentication
 type User struct {
 	ID uuid.UUID `json:"id" db:"id"`
 
@@ -439,7 +439,7 @@ func (u *User) ConfirmReauthentication(tx *storage.Connection) error {
 	return nil
 }
 
-// Confirm resets the confimation token and sets the confirm timestamp
+// Confirm resets the confirmation token and sets the confirm timestamp
 func (u *User) Confirm(tx *storage.Connection) error {
 	u.ConfirmationToken = ""
 	now := time.Now()
@@ -462,7 +462,7 @@ func (u *User) Confirm(tx *storage.Connection) error {
 	return nil
 }
 
-// ConfirmPhone resets the confimation token and sets the confirm timestamp
+// ConfirmPhone resets the confirmation token and sets the confirm timestamp
 func (u *User) ConfirmPhone(tx *storage.Connection) error {
 	u.ConfirmationToken = ""
 	now := time.Now()
diff --git a/internal/reloader/reloader.go b/internal/reloader/reloader.go
index c518ae374..6c2cfb3a3 100644
--- a/internal/reloader/reloader.go
+++ b/internal/reloader/reloader.go
@@ -95,7 +95,7 @@ func (rl *Reloader) Watch(ctx context.Context, fn ConfigFunc) error {
 				logrus.WithError(err).Error("reloader: error watching config directory")
 			}
 
-			// Check to see if the config is ready to be relaoded.
+			// Check to see if the config is ready to be reloaded.
 			if !rl.reloadCheckAt(time.Now(), lastUpdate) {
 				continue
 			}
diff --git a/internal/storage/dial.go b/internal/storage/dial.go
index 3ee99395b..9369875ed 100644
--- a/internal/storage/dial.go
+++ b/internal/storage/dial.go
@@ -107,7 +107,7 @@ func registerOpenTelemetryDatabaseStats(db *pop.Connection) {
 	}
 
 	if err := otelsql.RegisterDBStatsMetrics(sqldb); err != nil {
-		logrus.WithError(err).Error("unable to register OpenTelemetry stats metrics for databse")
+		logrus.WithError(err).Error("unable to register OpenTelemetry stats metrics for database")
 	} else {
 		logrus.Debug("registered OpenTelemetry stats metrics for database")
 	}
diff --git a/migrations/20230116124310_alter_phone_type.up.sql b/migrations/20230116124310_alter_phone_type.up.sql
index fa846dbb0..b7ae13f63 100644
--- a/migrations/20230116124310_alter_phone_type.up.sql
+++ b/migrations/20230116124310_alter_phone_type.up.sql
@@ -1,4 +1,4 @@
--- alter phone field column type to accomodate for soft deletion 
+-- alter phone field column type to accommodate for soft deletion
 
 do $$
 begin
diff --git a/openapi.yaml b/openapi.yaml
index 7996f817f..e0daae4cb 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -1117,7 +1117,7 @@ paths:
           headers:
             Content-Disposition:
               description: >
-                Present if `download=true`, which triggers the browser to show a donwload dialog.
+                Present if `download=true`, which triggers the browser to show a download dialog.
               schema:
                 type: string
                 example: attachment; filename="metadata.xml"
@@ -1814,7 +1814,7 @@ paths:
             Service is not healthy: infrastructure issue. Usually not retriable.
         503:
           description: >
-            Service is not healthy: infrastrucutre issue. Retriable with exponential backoff.
+            Service is not healthy: infrastructure issue. Retriable with exponential backoff.
         504:
           description: >
             Service is not healthy: request timed out. Retriable with exponential backoff.