diff --git a/src/econf.erl b/src/econf.erl
index fdb807588..994f7e96e 100644
--- a/src/econf.erl
+++ b/src/econf.erl
@@ -162,6 +162,8 @@ format_error({bad_cert, Why, Path}) ->
     format_error({bad_pem, Why, Path});
 format_error({bad_jwt_key, Path}) ->
     format("No valid JWT key found in file: ~ts", [Path]);
+format_error({bad_jwt_key_set, Path}) ->
+    format("JWT key contains JWK set in file: ~ts", [Path]);
 format_error({bad_jid, Bad}) ->
     format("Invalid XMPP address: ~ts", [Bad]);
 format_error({bad_user, Bad}) ->
diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index eacde998d..4a327b17e 100644
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -407,7 +407,15 @@ opt_type(jwt_key) ->
                   {ok, Data} ->
 		      try jose_jwk:from_binary(Data) of
 			  {error, _} -> econf:fail({bad_jwt_key, Path});
-			  Ret -> Ret
+			  JWK ->
+                              case jose_jwk:to_map(JWK) of
+                                  {_, #{<<"keys">> := [Key]}} ->
+                                      jose_jwk:from_map(Key);
+                                  {_, #{<<"keys">> := _}} ->
+                                      econf:fail({bad_jwt_key_set, Path});
+                                  _ ->
+                                      JWK
+                              end
 		      catch _:_ ->
 			      econf:fail({bad_jwt_key, Path})
 		      end;