diff --git a/README.md b/README.md
index d773357..741e84b 100644
--- a/README.md
+++ b/README.md
@@ -43,14 +43,15 @@ Check the `/example` folder where example code for different scenarios is locate
 ```bash
 # start oidc op server
 # oidc discovery http://localhost:9998/.well-known/openid-configuration
-CAOS_OIDC_DEV=1 go run github.com/caos/oidc/example/server/default
+go run github.com/caos/oidc/example/server
 
 # start oidc web client
-CLIENT_ID=web CLIENT_SECRET=web ISSUER=http://localhost:9998/ SCOPES=openid PORT=5556 go run github.com/caos/oidc/example/client/app
+CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid profile" PORT=9999 go run github.com/caos/oidc/example/client/app
 ```
 
-- browser http://localhost:5556/login will redirect to op server
-- input id to login
-- redirect to client app display user info
+- open http://localhost:9999/login in your browser
+- you will be redirected to op server and the login UI
+- login with user `test-user` and password `verysecret`
+- the OP will redirect you to the client app, which displays the user info
 
 ## Features
diff --git a/example/server/internal/storage.go b/example/server/internal/storage.go
index f879e86..8f1b89d 100644
--- a/example/server/internal/storage.go
+++ b/example/server/internal/storage.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"fmt"
+	"math/big"
 	"time"
 
 	"github.com/google/uuid"
@@ -15,6 +16,18 @@ import (
 	"github.com/caos/oidc/pkg/op"
 )
 
+var (
+	//serviceKey1 is a public key which will be used for the JWT Profile Authorization Grant
+	//the corresponding private key is in the service-key1.json (for demonstration purposes)
+	serviceKey1 = &rsa.PublicKey{
+		N: func() *big.Int {
+			n, _ := new(big.Int).SetString("00f6d44fb5f34ac2033a75e73cb65ff24e6181edc58845e75a560ac21378284977bb055b1a75b714874e2a2641806205681c09abec76efd52cf40984edcf4c8ca09717355d11ac338f280d3e4c905b00543bdb8ee5a417496cb50cb0e29afc5a0d0471fd5a2fa625bd5281f61e6b02067d4fe7a5349eeae6d6a4300bcd86eef331", 16)
+			return n
+		}(),
+		E: 65537,
+	}
+)
+
 //storage implements the op.Storage interface
 //typically you would implement this as a layer on top of your database
 //for simplicity this example keeps everything in-memory
@@ -57,6 +70,13 @@ func NewStorage() *storage {
 				preferredLanguage: language.German,
 			},
 		},
+		services: map[string]Service{
+			"service": {
+				keys: map[string]*rsa.PublicKey{
+					"key1": serviceKey1,
+				},
+			},
+		},
 		signingKey: signingKey{
 			ID: "id",
 			Algorithm: "RS256",
diff --git a/example/server/service-key1.json b/example/server/service-key1.json
new file mode 100644
index 0000000..a0d20e8
--- /dev/null
+++ b/example/server/service-key1.json
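Review bot: `n, _ := new(big.Int).SetString(…, 16)` in the `N` initializer discards the ok result, so a typo in the 258-digit hex literal leaves `N` nil and the key silently unusable until the first JWT-profile verification fails; in a package-level initializer it is better to fail loudly: `n, ok := new(big.Int).SetString("…", 16)` followed by `if !ok { panic("serviceKey1: invalid modulus") }`. The modulus literal is 258 hex digits (a leading `00` plus 256), i.e. a 1024-bit RSA key, which is below the 2048-bit minimum that RFC 7518 §3.3 requires for RS256, so the demo pair should be regenerated at 2048 bits. The comment should also say plainly that the pair is public and must never be reused outside the example, e.g. `// DEMO ONLY: the private half is committed in example/server/service-key1.json, so anyone can mint assertions for this key.`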
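Review bot: The string keys `"service"` and `"key1"` in the new `services` literal are the lookup identifiers for the JWT profile grant, and nothing in the code says they must match the `userId` and `keyId` fields of example/server/service-key1.json; a one-line comment would keep them from drifting: `// "service" is the userId and "key1" the keyId in example/server/service-key1.json`. The `services` field and the `Service` type are not introduced in this diff, so presumably they already exist on `storage` or arrive in another commit; worth confirming that the `keys` field name and map type match that definition. NewStorage begins and ends outside the hunk.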
@@ -0,0 +1 @@
+{"type":"serviceaccount","keyId":"key1","key":"-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQD21E+180rCAzp15zy2X/JOYYHtxYhF51pWCsITeChJd7sFWxp1\ntxSHTiomQYBiBWgcCavsdu/VLPQJhO3PTIyglxc1XRGsM48oDT5MkFsAVDvbjuWk\nF0lstQyw4pr8Wg0Ecf1aL6YlvVKB9h5rAgZ9T+elNJ7q5takMAvNhu7zMQIDAQAB\nAoGAeLRw2qjEaUZM43WWchVPmFcEw/MyZgTyX1tZd03uXacolUDtGp3ScyydXiHw\nF39PX063fabYOCaInNMdvJ9RsQz2OcZuS/K6NOmWhzBfLgs4Y1tU6ijoY/gBjHgu\nCV0KjvoWIfEtKl/On/wTrAnUStFzrc7U4dpKFP1fy2ZTTnECQQD8aP2QOxmKUyfg\nBAjfonpkrNeaTRNwTULTvEHFiLyaeFd1PAvsDiKZtpk6iHLb99mQZkVVtAK5qgQ4\n1OI72jkVAkEA+lcAamuZAM+gIiUhbHA7BfX9OVgyGDD2tx5g/kxhMUmK6hIiO6Ul\n0nw5KfrCEUU3AzrM7HejUg3q61SYcXTgrQJBALhrzbhwNf0HPP9Ec2dSw7KDRxSK\ndEV9bfJefn/hpEwI2X3i3aMfwNAmxlYqFCH8OY5z6vzvhX46ZtNPV+z7SPECQQDq\nApXi5P27YlpgULEzup2R7uZsymLZdjvJ5V3pmOBpwENYlublNnVqkrCk60CqADdy\nj26rxRIoS9ZDcWqm9AhpAkEAyrNXBMJh08ghBMb3NYPFfr/bftRJSrGjhBPuJ5qr\nXzWaXhYVMMh3OSAwzHBJbA1ffdQJuH2ebL99Ur5fpBcbVw==\n-----END RSA PRIVATE KEY-----\n","userId":"service"}
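Review bot: This file commits a 1024-bit RSA private key (the PKCS#1 DER prefix `MIICXgIBAAKBgQ…` decodes to a 129-byte modulus INTEGER) with nothing marking it as demo-only, and strict JSON cannot carry a comment, so the warning has to live where the key is consumed and in the README. Anyone who copies this example into a deployment accepts assertions signed by a key that is public in this repository, so the README section that starts the example server should state that the key is for local demonstration and must be regenerated (at 2048 bits or more) for anything else. A `.gitignore` pattern for real service-key files, with this demo file kept as the explicit exception, would also make the intent visible to the next person who drops a key into this folder.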