diff --git a/cmd/hspguard/api/api.go b/cmd/hspguard/api/api.go
index 0506474..7d6a62e 100644
--- a/cmd/hspguard/api/api.go
+++ b/cmd/hspguard/api/api.go
@@ -38,10 +38,10 @@ func (s *APIServer) Run() error {
 	// staticDir := http.Dir(filepath.Join(workDir, "static"))
 	// FileServer(router, "/static", staticDir)
 
-	oauthHandler := oauth.NewOAuthHandler()
+	oauthHandler := oauth.NewOAuthHandler(s.repo)
 
 	router.Route("/api/v1", func(r chi.Router) {
-		r.Use(imiddleware.WithSkipper(imiddleware.AuthMiddleware, "/api/v1/login", "/api/v1/register", "/api/v1/oauth"))
+		r.Use(imiddleware.WithSkipper(imiddleware.AuthMiddleware, "/api/v1/login", "/api/v1/register", "/api/v1/oauth/token"))
 
 		userHandler := user.NewUserHandler(s.repo, s.storage)
 		userHandler.RegisterRoutes(r)
@@ -52,7 +52,8 @@ func (s *APIServer) Run() error {
 		oauthHandler.RegisterRoutes(r)
 	})
 
-	router.Get("/.well-known/openid-configuration", oauthHandler.Metadata)
+	router.Get("/.well-known/jwks.json", auth.WriteJWKS)
+	router.Get("/.well-known/openid-configuration", auth.OpenIdConfiguration)
 
 	router.Get("/*", func(w http.ResponseWriter, r *http.Request) {
 		path := "./dist" + r.URL.Path