diff --git a/config/config.example.toml b/config/config.example.toml
index 6011f1cb..ad21c245 100644
--- a/config/config.example.toml
+++ b/config/config.example.toml
@@ -54,8 +54,6 @@ forced = false
 # Overriden by the signups.registration setting
 allow_registration = true
 
-# Delete this section if you don't want to use custom OAuth providers
-# This is an example configuration
 # The provider MUST support OpenID Connect with .well-known discovery
 # Most notably, GitHub does not support this
 # Redirect URLs in your OAuth provider can be set to this:
@@ -63,7 +61,7 @@ allow_registration = true
 # The asterisk is important, as it allows for any query parameters to be passed
 # Authentik for example uses regex so it can be set to (regex):
 # <base_url>/oauth/sso/<provider_id>/callback.*
-[[oidc.providers]]
+# [[oidc.providers]]
 # name = "CPlusPatch ID"
 # id = "cpluspatch-id"
 # This MUST match the provider's issuer URI, including the trailing slash (or lack thereof)
diff --git a/packages/config-manager/config.type.ts b/packages/config-manager/config.type.ts
index 574f330d..13e10a1b 100644
--- a/packages/config-manager/config.type.ts
+++ b/packages/config-manager/config.type.ts
@@ -106,7 +106,7 @@ export const configValidator = z.object({
                 }),
             )
             .default([]),
-        jwt_key: z.string().min(3).includes(";").default(""),
+        jwt_key: z.string().min(3).includes(";").default("").or(z.literal("")),
     }),
     http: z.object({
         base_url: z.string().min(1).default("http://lysand.social"),