diff --git a/services/mana-core-auth/src/auth/oidc.controller.ts b/services/mana-core-auth/src/auth/oidc.controller.ts
index e687b0e7d..1f2a94267 100644
--- a/services/mana-core-auth/src/auth/oidc.controller.ts
+++ b/services/mana-core-auth/src/auth/oidc.controller.ts
@@ -61,7 +61,7 @@ export class OidcController {
 	}
 
 	/**
-	 * JWKS Endpoint
+	 * JWKS Endpoint (via /api/oidc/jwks)
 	 *
 	 * Returns JSON Web Key Set for token verification.
 	 */
@@ -70,6 +70,17 @@ export class OidcController {
 		return this.handleOidcRequest(req, res);
 	}
 
+	/**
+	 * JWKS Endpoint (via /api/auth/jwks)
+	 *
+	 * Better Auth's discovery document points to this path,
+	 * so we need to expose it directly as well.
+	 */
+	@Get('api/auth/jwks')
+	async jwksAlt(@Req() req: Request, @Res() res: Response) {
+		return this.handleOidcRequest(req, res);
+	}
+
 	/**
 	 * Catch-all for other OIDC endpoints
 	 */