diff --git a/OAuthServer/Controllers/OAuthController.cs b/OAuthServer/Controllers/OAuthController.cs
index 9342ebb..82e77e3 100644
--- a/OAuthServer/Controllers/OAuthController.cs
+++ b/OAuthServer/Controllers/OAuthController.cs
@@ -15,7 +15,7 @@ public class OAuthController(
     IDataProtectionProvider dataProtectionProvider
 ) : ControllerBase {
     private readonly Dictionary _clients = new() {
-        {"lmao", "yeet"},
+        { "lmao", "yeet" },
     };
@@ -71,21 +71,21 @@ public class OAuthController(
             string.IsNullOrEmpty(request.redirect_uri) || string.IsNullOrEmpty(request.client_id) || string.IsNullOrEmpty(request.client_secret)) {
-            return BadRequest(new {error = "invalid_request"});
+            return BadRequest(new { error = "invalid_request" });
         }
         if (request.grant_type != "authorization_code") {
-            return BadRequest(new {error = "unsupported_grant_type"});
+            return BadRequest(new { error = "unsupported_grant_type" });
         }
         if (!_clients.TryGetValue(request.client_id, out string? clientSecret)) {
             logger.LogInformation("Unknown client id");
-            return BadRequest(new {error = "unauthorized_client"});
+            return BadRequest(new { error = "unauthorized_client" });
         }
         if (request.client_secret != clientSecret) {
             logger.LogInformation("Invalid client secret");
-            return BadRequest(new {error = "unauthorized_client"});
+            return BadRequest(new { error = "unauthorized_client" });
         }
         IDataProtector protector = dataProtectionProvider.CreateProtector("oauth");
@@ -93,20 +93,20 @@ public class OAuthController(
         try {
             codeObject = JsonSerializer.Deserialize(protector.Unprotect(request.code));
         } catch (Exception) {
-            return BadRequest(new {error = "invalid_request"});
+            return BadRequest(new { error = "invalid_request" });
         }
         if (codeObject == null) {
-            return BadRequest(new {error = "invalid_request"});
+            return BadRequest(new { error = "invalid_request" });
         }
         if (codeObject.ClientId != request.client_id || codeObject.RedirectUri != request.redirect_uri) {
-            return BadRequest(new {error = "invalid_request"});
+            return BadRequest(new { error = "invalid_request" });
         }
         if (DateTime.UtcNow > codeObject.Expiry) {
             logger.LogInformation("Expired token");
-            return BadRequest(new {error = "invalid_grant"});
+            return BadRequest(new { error = "invalid_grant" });
         }
         string token = jwt.GenerateToken(codeObject.ClientId, codeObject.Nonce);
@@ -114,7 +114,20 @@ public class OAuthController(
         Response.Headers.Append("Cache-Control", "no-store");
         Response.Headers.Append("Pragma", "no-cache");
-        return Ok(new {access_token = token, token_type = "bearer", id_token = token});
+        return Ok(new { access_token = token, token_type = "bearer", id_token = token });
+    }
+
+    [Authorize]
+    [HttpGet("user")]
+    public ActionResult UserInfo() {
+        return Ok(new {
+            sub = "248289761001",
+            name = "Jane Doe",
+            // given_name = "Jane",
+            // family_name = "Doe",
+            // preferred_username = "j.doe",
+            email = "janedoe@example.com",
+        });
     }
     private record CodeObject(string ClientId, string RedirectUri, DateTime Expiry, string? Nonce);
diff --git a/OAuthServer/Controllers/OpenIdController.cs b/OAuthServer/Controllers/OpenIdController.cs
index e208d05..8e1a1a7 100644
--- a/OAuthServer/Controllers/OpenIdController.cs
+++ b/OAuthServer/Controllers/OpenIdController.cs
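Review bot: `UserInfo` returns the same hard-coded `sub`, `name` and `email` to every caller that presents a valid bearer token, so the userinfo response never reflects the principal the token was issued for. If this is a deliberate stub, say so above the method, e.g. `// TODO: placeholder claims — derive them from the authenticated principal (User) before this endpoint is relied on`; otherwise take at least the subject from the principal, `string? sub = User.FindFirst("sub")?.Value;`, and return `Unauthorized()` when it is absent (the claim may surface as `ClaimTypes.NameIdentifier` if inbound claim mapping is enabled on the bearer handler — worth confirming against that configuration). The `id_token = token` line in the same hunk hands out the access token as the ID token as well; that predates this commit, but a comment stating whether it is intentional would help the next reader.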
@@ -16,6 +16,7 @@ public class OpenIdController(
         Issuer = "http://localhost:1234",
         AuthorizationEndpoint = "http://localhost:1234/oauth/authorize",
         TokenEndpoint = "http://localhost:1234/oauth/token",
+        UserInfoEndpoint = "http://localhost:1234/oauth/user",
         JwksUri = "http://localhost:1234/.well-known/jwks.json",
         ScopesSupported = ["openid"],
         ResponseTypesSupported = ["code"],
@@ -34,7 +35,7 @@ public class OpenIdController(
     [HttpGet("/.well-known/jwks.json")]
     public ActionResult GetJwks() {
-        var rsaSecurityKey = new RsaSecurityKey(jwtService.RsaKey) {
+        var rsaSecurityKey = new RsaSecurityKey(jwtService.RsaKey.ExportParameters(false)) {
             KeyId = "TODO; keyid"
         };
         var jsonWebKey = JsonWebKeyConverter.ConvertFromRSASecurityKey(rsaSecurityKey);
diff --git a/OAuthServer/Services/JwtService.cs b/OAuthServer/Services/JwtService.cs
index 14b1688..f57046b 100644
--- a/OAuthServer/Services/JwtService.cs
+++ b/OAuthServer/Services/JwtService.cs
@@ -15,7 +15,6 @@ public class JwtService {
     public static RSA GetSigningKey() {
         RSA rsaKey = RSA.Create();
         const string jwtKeyPath = ".aspnet/jwt-key";
-        const string jwtPubKeyPath = ".aspnet/jwt-key.pub";
         string home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
         string fullPath = Path.Combine(home, jwtKeyPath);
         if (File.Exists(fullPath)) {
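Review bot: `KeyId = "TODO; keyid"` is still a placeholder in the GetJwks hunk after the switch to `ExportParameters(false)`, so the `kid` advertised in the published JWKS will not match whatever `kid` (if any) JwtService puts in the header of signed tokens, and relying parties that select keys by `kid` will fail verification. Derive it from the key material and use the same value on the signing side, for example `KeyId = Convert.ToBase64String(SHA256.HashData(jwtService.RsaKey.ExportSubjectPublicKeyInfo()))` with `using System.Security.Cryptography;` in scope. GetJwks's body continues past the end of the hunk. Exporting only the public parameters here is the right call for a document served to anyone.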