diff --git a/doc/howto/rp.rst b/doc/howto/rp.rst
index 27dbfe8..397c486 100644
--- a/doc/howto/rp.rst
+++ b/doc/howto/rp.rst
@@ -102,16 +102,15 @@ necessary information:: >> provider_info["authorization_endpoint"] 'https://example.com/op/authz_endp' -The provider info is also automatically stored in the client instance. -Since a RP can potentially talk to more than one OP during it's life time -the provider information is store using the issuer name as the key:: +The provider info is also automatically stored in the client instance.:: - >> client.provider_info.keys() - ['https://example.com/op'] - >> client.provider_info["https://example.com/op"]["scopes_supported"] + >> client.provider_info["scopes_supported"] ['openid', 'profile', 'email'] +For the simple Client it is expected it will only talk to one OP during its +lifetime. + Now, you know all about the OP. The next step would be to register the client with the OP.
@@ -309,8 +308,8 @@ If it's an AccessTokenResponse the information in the response will be stored in the client instance with *state* as the key for future use. One if the items in the response will be the ID Token which contains information about the authentication. -One parameter (or claim as its also called) is the nonce you provider with -the authroization request. +One parameter (or claim as its also called) is the nonce you provide with +the authorization request. And then the final request, the user info request::
diff --git a/src/oic/oic/__init__.py b/src/oic/oic/__init__.py
index c24c2d9..ac97186 100644
--- a/src/oic/oic/__init__.py
+++ b/src/oic/oic/__init__.py
@@ -757,7 +757,8 @@ class Client(oauth2.Client): except KeyError: args = {}
- owner = self.endpoint2issuer(path, "userinfo_endpoint")
+ #owner = self.endpoint2issuer(path, "userinfo_endpoint")
+ owner = self.provider_info["issuer"]
 keys = self.keyjar.get_signing_key(_kty, owner, **args)
 return _schema().from_jwt(resp.text, keys)
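Review bot: The commented-out `#owner = self.endpoint2issuer(path, "userinfo_endpoint")` line in the userinfo hunk should be deleted rather than kept, since this same commit removes `endpoint2issuer` from `Client` (hunk at -1123), leaving a comment that points at a method that no longer exists. The replacement `owner = self.provider_info["issuer"]` raises a bare `KeyError` when provider info was never fetched or has no `issuer` entry, which reads as a lookup bug rather than a configuration problem; wrapping that one line in a `try`/`except KeyError` that reports the missing issuer explicitly would make the failure clear. Pinning the verification keys to the configured issuer rather than to anything taken from the response is the right choice for a single-OP client and deserves a one-line comment, e.g. `# verification keys are pinned to the configured OP, not to anything in the response`. The enclosing method starts outside the hunk.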
@@ -1123,34 +1124,6 @@ class Client(oauth2.Client): #subject, host = self.normalization(principal)
 return self.wf.discovery_query(principal)
- def endpoint2issuer(self, url, endpoint=""):
- """
- Given that I know which endpoint it's about and which URL was used
- which issuer was it.
-
- :param str endpoint: Which endpoint
- :param str url: The endpoint url
- :return: Issuer identifier if one matched otherwise ""
- """
-
- if endpoint:
- for issuer, pi in self.provider_info.items():
- try:
- if pi[endpoint] == url:
- return issuer
- except KeyError:
- pass
- else:
- for issuer, pi in self.provider_info.items():
- for endpoint in ENDPOINTS:
- try:
- if pi[endpoint] == url:
- return issuer
- except KeyError:
- pass
-
- return ""
-
 # noinspection PyMethodOverriding
 class Server(oauth2.Server):
@@ -1375,6 +1348,10 @@ class Server(oauth2.Server): if access_token: _args["at_hash"] = jws.left_hash(access_token, halg)
+ # Should better be done elsewhere
+ if not issuer.endswith("/"):
+ issuer += "/"
+ idt = IdToken(iss=issuer, sub=session["sub"], aud=session["client_id"], exp=time_util.epoch_in_a_while(**inawhile), acr=loa,
diff --git a/src/oic/oic/provider.py b/src/oic/oic/provider.py
index f47e24a..87be3ce 100644
--- a/src/oic/oic/provider.py
+++ b/src/oic/oic/provider.py
@@ -4,6 +4,7 @@ import traceback
 import urllib
 import sys
 from jwkest.jwe import JWE
+from jwkest.jwk import SYMKey
 from oic.utils.authn.user import NoSuchAuthentication
 from oic.utils.authn.user import ToOld
 from oic.utils.authn.user import TamperAllert
@@ -35,7 +36,7 @@ from oic.oic.message import ProviderConfigurationResponse
 from oic.oic.message import DiscoveryResponse
 from jwkest import jws, jwe
-from jwkest.jws import alg2keytype
+from jwkest.jws import alg2keytype, left_hash
 from jwkest.jws import NoSuitableSigningKeys
 __author__ = 'rohe0002'
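Review bot: Appending `/` to `issuer` right before minting the ID Token changes the `iss` claim away from the issuer identifier the server is presumably configured with elsewhere, and clients verify `iss` by exact string match against the OP's issuer identifier (OpenID Connect Core 3.1.3.7), so a configured issuer without a trailing slash would yield ID Tokens that fail client-side verification. The `# Should better be done elsewhere` comment already concedes this is the wrong place; normalize the identifier once where `issuer` is set for `Server` (or drop the rewrite) so the same string is used in the ID Token, the provider metadata and any client comparison. If the rewrite stays for now, the comment should state the consequence, e.g. `# NOTE: iss must exactly equal the issuer identifier clients compare against; normalize at configuration time instead`. The enclosing method starts and ends outside the hunk.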
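Review bot: `left_hash` is added to the `from jwkest.jws import` line in provider.py, but none of the provider.py hunks in this diff call it; if no call site exists elsewhere in the file the name is unused and should be dropped. The `Server` hunk in `__init__.py` reaches the same function as `jws.left_hash` through the already-imported `jws` module, so if provider.py does use it, the `jws.left_hash` spelling would keep the two files consistent.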
@@ -283,6 +284,9 @@ class Provider(AProvider): logger.debug("client_id: %s" % session["client_id"])
 ckey = self.keyjar.get_signing_key(alg2keytype(alg), session["client_id"])
+ if not ckey: # create a new key
+ _secret = self.cdb[session["client_id"]]["client_secret"]
+ ckey = [SYMKey(key=_secret)]
 else:
 if "" in self.keyjar:
 for b in self.keyjar[""]:
@@ -1510,9 +1514,9 @@ class Provider(AProvider): "urn:ietf:params:oauth:grant-type:jwt-bearer"], claim_types_supported=["normal", "aggregated", "distributed"], claims_supported=_claims,
- claims_parameter_supported="true",
- request_parameter_supported="true",
- request_uri_parameter_supported="true",
+ claims_parameter_supported=True,
+ request_parameter_supported=True,
+ request_uri_parameter_supported=True,
 )
 sign_algs = jws.SIGNER_ALGS.keys()
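Review bot: The new `if not ckey:` fallback wraps the client's `client_secret` in a `SYMKey` whenever the keyjar has no signing key for the client, without checking that the key type `alg2keytype(alg)` asked for is symmetric; when `alg` is an RSA or EC algorithm the synthesized key is unlikely to be usable for it, so the guard should be narrowed to `if not ckey and alg.startswith("HS"):` and leave the surrounding code's handling of a missing key to apply otherwise. `self.cdb[session["client_id"]]["client_secret"]` also raises a bare `KeyError` for a registered client that has no secret, which surfaces as an unhandled server error instead of a signing-key failure. A secret reused as an HMAC key must be at least as long as the digest (RFC 7518 §3.2 requires 256 bits or more for HS256), so a length check before building the key would be prudent, and since the key is not added to the keyjar it is rebuilt on every call. The enclosing method starts and ends outside the hunk.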