diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8099d1800ac3f0c6fac0c502d8e867c08655356c..8bd5078f33a4ad8a9679f09780a61348a04e8868 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ### Added
 
+- Correct OAuth2 access handling
 - Use ALS for request-agnostic context injection
 - Add performance monitoring to queue jobs
 - Use queue for sending password reset emails
diff --git a/src/core/utils/jwt.js b/src/core/utils/jwt.js
index 13832755faa97c5a3afd81e3284765090f4f6199..69466b9d5557854a6b38c8cd67d18909a8737ddd 100644
--- a/src/core/utils/jwt.js
+++ b/src/core/utils/jwt.js
@@ -107,5 +107,5 @@ exports.getClaims = tokenPayload => {
 exports.jwtOptions = {
 	issuer: 'urn:jetsam:systems:auth',
 	claims: 'urn:jetsam:resources:claims',
-	keyid_prefix: 'urn:jetsam:jwk:'
+	keyid_prefix: 'urn:jetsam:resources:jwk:'
 }