diff --git a/src/oidc.js b/src/oidc.js
index 611589754..fdcd01deb 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -832,7 +832,7 @@ async function start() {
 let keyEdDsa = await blobs.getString(blobs.OIDC_KEY_EDDSA);
 if (!keyEdDsa) {
 debug('Generating new OIDC EdDSA key');
- const { privateKey } = await jose.generateKeyPair('EdDSA');
+ const { privateKey } = await jose.generateKeyPair('EdDSA', { extractable: true });
 keyEdDsa = await jose.exportJWK(privateKey);
 await blobs.setString(blobs.OIDC_KEY_EDDSA, JSON.stringify(keyEdDsa));
 jwksKeys.push(keyEdDsa);
@@ -844,7 +844,7 @@ async function start() {
 let keyRs256 = await blobs.getString(blobs.OIDC_KEY_RS256);
 if (!keyRs256) {
 debug('Generating new OIDC RS256 key');
- const { privateKey } = await jose.generateKeyPair('RS256');
+ const { privateKey } = await jose.generateKeyPair('RS256', { extractable: true });
 keyRs256 = await jose.exportJWK(privateKey);
 await blobs.setString(blobs.OIDC_KEY_RS256, JSON.stringify(keyRs256));
 jwksKeys.push(keyRs256);
@@ -870,7 +870,7 @@ async function start() {
 }
 },
 jwks: {
- jwksKeys
+ keys: jwksKeys
 },
 claims: {
 email: ['email', 'email_verified'],
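Review bot: The private signing key is exported with `jose.exportJWK(privateKey)` and written to the blob store as plain JSON in both the EdDSA hunk and the RS256 hunk, and nothing visible here shows that blob being encrypted or access-restricted. Since `extractable: true` is now a deliberate choice, it deserves a comment above each call, for example `// extractable so exportJWK() can serialise the private key for persistence; the stored blob is signing-key material`. The RS256 key size also rides on the library default; passing `modulusLength` explicitly next to `extractable` would make the chosen strength reviewable. How `blobs.setString` protects the value should be confirmed outside this diff, as `start()` begins and ends outside both hunks.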
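Review bot: Nothing in the third hunk checks that `jwksKeys` is populated before it is handed over as `jwks.keys`, and the old shorthand `{ jwksKeys }` shows how quietly a wrong shape was accepted. If the provider library falls back to default or ephemeral signing keys when `jwks.keys` is absent (not visible here), tokens issued before this commit were not signed with the stored keys, so relying parties may need to refresh their cached JWKS after upgrading. A guard before the configuration is built, such as `if (jwksKeys.length === 0) throw new Error('OIDC signing keys missing');`, would make a regression fail loudly at startup. The configuration object continues outside the hunk.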