diff --git a/src/oidcc_jwt_util.erl b/src/oidcc_jwt_util.erl
index b2d8a64..4223d41 100644
--- a/src/oidcc_jwt_util.erl
+++ b/src/oidcc_jwt_util.erl
@@ -439,10 +439,10 @@ encrypt(Jwt, Jwk, [Algorithm | _RestAlgorithms] = SupportedAlgorithms, Supported
 -spec thumbprint(Jwk :: jose_jwk:key()) -> {ok, binary()} | error.
 thumbprint(Jwk) ->
 evaluate_for_all_keys(Jwk, fun
- (#jose_jwk{fields = #{<<"use">> := <<"sig">>}} = Key) ->
- {ok, jose_jwk:thumbprint(Key)};
- (_Key) ->
- error
+ (#jose_jwk{fields = #{<<"use">> := Use}}) when Use =/= <<"sig">> ->
+ error;
+ (Key) ->
+ {ok, jose_jwk:thumbprint(Key)}
 end).
 
 %% @private
@@ -450,13 +450,13 @@ thumbprint(Jwk) ->
 {ok, binary()} | {error, no_supported_alg_or_key}.
 sign_dpop(Jwt, Jwk, SigningAlgSupported) ->
 evaluate_for_all_keys(Jwk, fun
- (#jose_jwk{fields = #{<<"use">> := <<"sig">>}} = Key) ->
+ (#jose_jwk{fields = #{<<"use">> := Use}}) when Use =/= <<"sig">> ->
+ error;
+ (Key) ->
 {_, PublicJwk} = jose_jwk:to_public_map(Key),
 sign(Jwt, Key, SigningAlgSupported, #{
 <<"typ">> => <<"dpop+jwt">>, <<"jwk">> => PublicJwk
- });
- (_Key) ->
- error
+ })
 end).
 
 %% @private
diff --git a/test/oidcc_authorization_test.erl b/test/oidcc_authorization_test.erl
index 9d7c70a..8eea1db 100644
--- a/test/oidcc_authorization_test.erl
+++ b/test/oidcc_authorization_test.erl
@@ -1137,11 +1137,7 @@ private_key_jwt_fixture() ->
 dpop_signing_alg_values_supported = [<<"RS256">>]
 },
 
- Jwks0 = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),
-
- Jwks = Jwks0#jose_jwk{
- fields = #{<<"kid">> => <<"private_kid">>, <<"use">> => <<"sig">>}
- },
+ Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),
 ClientId = <<"client_id">>,
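Review bot: In `thumbprint/1` the new `(Key)` clause returns the thumbprint of the first key that is not explicitly marked for another use, and nothing in the hunk ties that choice to the key `sign_dpop/3` ends up signing with. `sign_dpop/3` goes through `sign/4` with `SigningAlgSupported`, which can presumably reject a key and move on to the next one, so with several keys lacking `use` the advertised thumbprint and the `jwk` placed in the proof header could belong to different keys; how `evaluate_for_all_keys/2` iterates is not visible here. The wider filter makes that mismatch easier to hit than when only `use = sig` keys were eligible. A comment above the fun would record the intent, for example `%% "use" is optional (RFC 7517); must select the same key as sign_dpop/3`.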
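Review bot: In `sign_dpop/3` the new `(Key)` clause accepts every key that has no `use` field, so a key whose `key_ops` list does not contain `"sign"` is now handed to `sign/4`; `key_ops` is the other optional usage field in RFC 7517 and should be honoured alongside `use`. The same two-clause filter is duplicated in `thumbprint/1`, and a shared predicate would keep both selections identical. Whether `sign/4` already rejects such keys cannot be seen from this hunk, and the `-spec sign_dpop` line starts above it. It is also worth confirming that a symmetric key without `use` cannot reach `jose_jwk:to_public_map(Key)`, because its result is embedded in the `jwk` header of the proof.

```erlang
sign_dpop(Jwt, Jwk, SigningAlgSupported) ->
    evaluate_for_all_keys(Jwk, fun(Key) ->
        case is_signing_key(Key) of
            true ->
                %% … unchanged: to_public_map/1 and sign/4 call …
            false ->
                error
        end
    end).

%% "use" and "key_ops" are both optional; only an explicit restriction
%% excludes a key from signing.
-spec is_signing_key(jose_jwk:key()) -> boolean().
is_signing_key(#jose_jwk{fields = #{<<"use">> := Use}}) when Use =/= <<"sig">> ->
    false;
is_signing_key(#jose_jwk{fields = #{<<"key_ops">> := Ops}}) when is_list(Ops) ->
    lists:member(<<"sign">>, Ops);
is_signing_key(_Key) ->
    true.
```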