diff --git a/authority/provisioner/jwk.go b/authority/provisioner/jwk.go
index d81ea21f..4575ca47 100644
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@@ -18,9 +18,9 @@ type jwtPayload struct {
 // JWK is the default provisioner, an entity that can sign tokens necessary for
 // signature requests.
 type JWK struct {
-	Name         string           `json:"name,omitempty"`
-	Type         string           `json:"type,omitempty"`
-	Key          *jose.JSONWebKey `json:"key,omitempty"`
+	Type         string           `json:"type"`
+	Name         string           `json:"name"`
+	Key          *jose.JSONWebKey `json:"key"`
 	EncryptedKey string           `json:"encryptedKey,omitempty"`
 	Claims       *Claims          `json:"claims,omitempty"`
 	audiences    []string
@@ -50,12 +50,10 @@ func (p *JWK) GetEncryptedKey() (string, string, bool) {
 // Init initializes and validates the fields of a JWK type.
 func (p *JWK) Init(config Config) (err error) {
 	switch {
-	case p.Name == "":
-		return errors.New("provisioner name cannot be empty")
-
 	case p.Type == "":
 		return errors.New("provisioner type cannot be empty")
-
+	case p.Name == "":
+		return errors.New("provisioner name cannot be empty")
 	case p.Key == nil:
 		return errors.New("provisioner key cannot be empty")
 	}
diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
index 71b3398c..7bf30518 100644
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@@ -87,6 +87,8 @@ func (o *OIDC) GetEncryptedKey() (kid string, key string, ok bool) {
 // Init validates and initializes the OIDC provider.
 func (o *OIDC) Init(config Config) (err error) {
 	switch {
+	case o.Type == "":
+		return errors.New("type cannot be empty")
 	case o.Name == "":
 		return errors.New("name cannot be empty")
 	case o.ClientID == "":