diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go
index 5c2568154863c..cdb8af59d285f 100644
--- a/services/auth/source/oauth2/init.go
+++ b/services/auth/source/oauth2/init.go
@@ -30,6 +30,11 @@ const ProviderHeaderKey = "gitea-oauth2-provider"
 
 // Init initializes the oauth source
 func Init(ctx context.Context) error {
+	// if oauth is disabled, we don't need to initialize anything
+	if !setting.OAuth2.Enabled {
+		return nil
+	}
+
 	if err := InitSigningKey(); err != nil {
 		return err
 	}
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/services/auth/source/oauth2/jwtsigningkey.go
index 070fffe60f7fb..cebe7fff48a83 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/services/auth/source/oauth2/jwtsigningkey.go
@@ -336,6 +336,10 @@ func InitSigningKey() error {
 // loadOrCreateAsymmetricKey checks if the configured private key exists.
 // If it does not exist a new random key gets generated and saved on the configured path.
 func loadOrCreateAsymmetricKey() (any, error) {
+	if !filepath.IsAbs(setting.OAuth2.JWTSigningPrivateKeyFile) {
+		setting.OAuth2.JWTSigningPrivateKeyFile = filepath.Join(setting.AppDataPath, setting.OAuth2.JWTSigningPrivateKeyFile)
+	}
+
 	keyPath := setting.OAuth2.JWTSigningPrivateKeyFile
 
 	isExist, err := util.IsExist(keyPath)