diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go
index 2ad9ddfe7..84578aef5 100644
--- a/services/auth/source/oauth2/init.go
+++ b/services/auth/source/oauth2/init.go
@@ -27,6 +27,10 @@ const ProviderHeaderKey = "gitea-oauth2-provider"
 
 // Init initializes the oauth source
 func Init() error {
+	if !setting.OAuth2.Enable {
+		return
+	}
+
 	if err := InitSigningKey(); err != nil {
 		return err
 	}
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 070fffe60..cebe7fff4 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -336,6 +336,10 @@ func InitSigningKey() error {
 // loadOrCreateAsymmetricKey checks if the configured private key exists.
 // If it does not exist a new random key gets generated and saved on the configured path.
 func loadOrCreateAsymmetricKey() (any, error) {
+	if !filepath.IsAbs(setting.OAuth2.JWTSigningPrivateKeyFile) {
+		setting.OAuth2.JWTSigningPrivateKeyFile = filepath.Join(setting.AppDataPath, setting.OAuth2.JWTSigningPrivateKeyFile)
+	}
+
 	keyPath := setting.OAuth2.JWTSigningPrivateKeyFile
 
 	isExist, err := util.IsExist(keyPath)