Cant get Signup or OIDC working [Docker Compose]

[THS-Shiniri]

Hi Ive kinda build another Docker Compose hence I dont want to clone and build the repo. It spins up I can access it I can claim my Admin Account create Shortlinks and those work as well. Even the creation of short links without being signed in works.

But for the love of god on the Login/Sign Up Page I can ONLY Login via Local User Creds. No signup no OIDC nothing.

After all I want to enable OIDC to let my Users use their Authentik SSO login to create short links. They should be able to register only this way (not even via Email) But it straight up doesnt want to work...

services:
    pub-kutt:
    image: kutt/kutt:latest
    container_name: pub-kutt
    restart: unless-stopped
    volumes:
        - ./kutt/db_data_sqlite:/var/lib/kutt
        - ./kutt/custom:/kutt/custom
    environment:
        - DB_FILENAME=/var/lib/kutt/data.sqlite
        - NODE_ENV=production
        - TRUST_PROXY=true
        - SITE_NAME=Kutt - Test
        - SITE_URL=https://test.***.de
        - DEFAULT_DOMAIN=test.***.de
        - LINK_LENGTH=5
        - JWT_SECRET=***
        - DISALLOW_REGISTRATION=false
        - DISALLOW_ANONYMOUS_LINKS=false
      #Mail Setup
        - MAIL_ENABLE=true
        - MAIL_HOST=***.***.net
        - MAIL_PORT=587
        - MAIL_USER=DoNotReply@***.de
        - MAIL_FROM=DoNotReply@***.de
        - MAIL_SECURE=false
      #OIDC Envs
        - OIDC_ENABLE=true
        - OIDC_ISSUER=https://***/application/o/kutt/
        - OIDC_CLIENT_ID=***
        - OIDC_CLIENT_SECRET=***
        - OIDC_SCOPE=openid profile email
        - OIDC_EMAIL_CLAIM=email
      #Contact Info
        - REPORT_EMAIL=***@outlook.de
        - CONTACT_EMAIL=***@outlook.de
    expose:
        - 3000
    networks:
        - pangolin-client_default

networks:
    pangolin-client_default:
        external: true

EDIT:
Ive build the Image myself and everything works besides OIDC with Authentik.
Somebody mentioned it has something to do with JWKS or something. Can someone elaborate on this?
Source: Issue #980

[pogmommy]

Do you have an encryption key selected in the OAuth2 Provider? I found using authentik's provided self-signed certificate for the signing key, and selecting no certificate for the encryption key was able to get OIDC in Kutt working for me with Authentik. The environment variable JWT_SECRET must still be set, but it seems that it can be any value.

[AR2000AR]

You do need to select a signing certificat in authentik's provider. That's how I made it finally work.