diff --git a/app/controllers/api/openid_connect/token_endpoint_controller.rb b/app/controllers/api/openid_connect/token_endpoint_controller.rb
index c8fd53c2d..378f0086b 100644
--- a/app/controllers/api/openid_connect/token_endpoint_controller.rb
+++ b/app/controllers/api/openid_connect/token_endpoint_controller.rb
@@ -8,7 +8,8 @@ module Api
         if req["client_assertion_type"] == "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
           handle_jwt_bearer(req)
         end
-        self.status, response.headers, self.response_body = Api::OpenidConnect::TokenEndpoint.new.call(request.env)
+        self.status, headers, self.response_body = Api::OpenidConnect::TokenEndpoint.new.call(request.env)
+        headers.each {|name, value| response.headers[name] = value }
         nil
       end