diff --git a/Dockerfile b/Dockerfile
index 9627e541d..478bee75f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -81,7 +81,7 @@ COPY --from=builder /work/authentik /authentik-proxy
 
 USER authentik
 ENV TMPDIR /dev/shm/
-ENV PYTHONUBUFFERED 1
+ENV PYTHONUNBUFFERED 1
 ENV prometheus_multiproc_dir /dev/shm/
 ENV PATH "/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/lifecycle"
 ENTRYPOINT [ "/lifecycle/ak" ]
diff --git a/authentik/crypto/models.py b/authentik/crypto/models.py
index 5a318b7dc..60b1f69b6 100644
--- a/authentik/crypto/models.py
+++ b/authentik/crypto/models.py
@@ -78,9 +78,7 @@ class CertificateKeyPair(CreatedUpdatedModel):
     @property
     def kid(self):
         """Get Key ID used for JWKS"""
-        return "{0}".format(
-            md5(self.key_data.encode("utf-8")).hexdigest() if self.key_data else ""  # nosec
-        )
+        return md5(self.key_data.encode("utf-8")).hexdigest() if self.key_data else ""  # nosec
 
     def __str__(self) -> str:
         return f"Certificate-Key Pair {self.name}"
diff --git a/authentik/providers/oauth2/errors.py b/authentik/providers/oauth2/errors.py
index 6dcdc304a..3ffd88262 100644
--- a/authentik/providers/oauth2/errors.py
+++ b/authentik/providers/oauth2/errors.py
@@ -151,12 +151,13 @@ class AuthorizeError(OAuth2Error):
         # http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthError
         hash_or_question = "#" if self.grant_type == GrantTypes.IMPLICIT else "?"
 
-        uri = "{0}{1}error={2}&error_description={3}".format(
-            self.redirect_uri, hash_or_question, self.error, description
+        uri = (
+            f"{self.redirect_uri}{hash_or_question}error="
+            f"{self.error}&error_description={description}"
         )
 
         # Add state if present.
-        uri = uri + ("&state={0}".format(self.state) if self.state else "")
+        uri = uri + (f"&state={self.state}" if self.state else "")
 
         return uri
 
diff --git a/authentik/sources/oauth/clients/oauth2.py b/authentik/sources/oauth/clients/oauth2.py
index 27443de2b..b3c822812 100644
--- a/authentik/sources/oauth/clients/oauth2.py
+++ b/authentik/sources/oauth/clients/oauth2.py
@@ -113,4 +113,4 @@ class OAuth2Client(BaseOAuthClient):
 
     @property
     def session_key(self):
-        return "oauth-client-{0}-request-state".format(self.source.name)
+        return f"oauth-client-{self.source.name}-request-state"
diff --git a/authentik/stages/authenticator_webauthn/stage.py b/authentik/stages/authenticator_webauthn/stage.py
index 1a383e9ca..966a43735 100644
--- a/authentik/stages/authenticator_webauthn/stage.py
+++ b/authentik/stages/authenticator_webauthn/stage.py
@@ -68,7 +68,7 @@ class AuthenticatorWebAuthnChallengeResponse(ChallengeResponse):
             webauthn_credential = webauthn_registration_response.verify()
         except RegistrationRejectedException as exc:
             LOGGER.warning("registration failed", exc=exc)
-            raise ValidationError("Registration failed. Error: {}".format(exc))
+            raise ValidationError(f"Registration failed. Error: {exc}")
 
         # Step 17.
         #