diff --git a/composer.json b/composer.json
index 3a2df2535..0ebd9386e 100644
--- a/composer.json
+++ b/composer.json
@@ -16,7 +16,7 @@
 "require": {
 "php": "^7.3|^8.0",
 "ext-json": "*",
- "firebase/php-jwt": "^5.0",
+ "firebase/php-jwt": "^6.0",
 "illuminate/auth": "^8.37|^9.0",
 "illuminate/console": "^8.37|^9.0",
 "illuminate/container": "^8.37|^9.0",
diff --git a/src/ApiTokenCookieFactory.php b/src/ApiTokenCookieFactory.php
index 3d7d83d02..ffed5d1e3 100644
--- a/src/ApiTokenCookieFactory.php
+++ b/src/ApiTokenCookieFactory.php
@@ -77,6 +77,6 @@ protected function createToken($userId, $csrfToken, Carbon $expiration)
 'sub' => $userId,
 'csrf' => $csrfToken,
 'expiry' => $expiration->getTimestamp(),
- ], Passport::tokenEncryptionKey($this->encrypter));
+ ], Passport::tokenEncryptionKey($this->encrypter), 'HS256');
 }
 }
diff --git a/src/Guards/TokenGuard.php b/src/Guards/TokenGuard.php
index 00cbe4863..921223edd 100644
--- a/src/Guards/TokenGuard.php
+++ b/src/Guards/TokenGuard.php
@@ -4,6 +4,7 @@
 use Exception;
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Illuminate\Container\Container;
 use Illuminate\Contracts\Debug\ExceptionHandler;
 use Illuminate\Contracts\Encryption\Encrypter;
@@ -269,8 +270,7 @@ protected function decodeJwtTokenCookie($request)
 {
 return (array) JWT::decode(
 CookieValuePrefix::remove($this->encrypter->decrypt($request->cookie(Passport::cookie()), Passport::$unserializesCookies)),
- Passport::tokenEncryptionKey($this->encrypter),
- ['HS256']
+ new Key(Passport::tokenEncryptionKey($this->encrypter), 'HS256')
 );
 }
diff --git a/tests/Unit/TokenGuardTest.php b/tests/Unit/TokenGuardTest.php
index b586eff99..83608d861 100644
--- a/tests/Unit/TokenGuardTest.php
+++ b/tests/Unit/TokenGuardTest.php
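Review bot: The signing algorithm now appears as a bare 'HS256' literal in this JWT::encode call, again in TokenGuard::decodeJwtTokenCookie, and nine more times in tests/Unit/TokenGuardTest.php; php-jwt 6 binds the verification key to exactly one algorithm, so these literals must stay identical or cookie-based logins would fail at decode. Defining the value once and reading it from both the factory and the guard removes that drift risk, e.g. `], Passport::tokenEncryptionKey($this->encrypter), Passport::COOKIE_JWT_ALGORITHM);` where `COOKIE_JWT_ALGORITHM` is a new constant (placeholder name). A short comment on the call, `// Symmetric HMAC; the guard decodes with a Key pinned to the same algorithm.`, would also help the next reader. createToken begins above the hunk; only the tail of the encode call is visible here.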
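Review bot: The `new Key(...)` argument deserves a comment, since it is the security-relevant part of this change: the key is now bound to HS256, so the algorithm named in a cookie's JWT header is compared against the pinned one instead of being trusted to select the verification routine, e.g. `// Key pins the algorithm: JWT::decode rejects any token whose header names anything but HS256.` JWT::decode in 6.x still reports bad signatures, malformed tokens and algorithm mismatches by throwing, and the catch that turns those into a null user sits outside this hunk, so confirm it still covers the exception types the new version raises. The method body is fully visible; its signature is the hunk header line just above.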
@@ -134,7 +134,7 @@ public function test_users_may_be_retrieved_from_cookies_with_csrf_token_header(
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)), false)
+ ], str_repeat('a', 16), 'HS256'), false)
 );
 $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser);
@@ -167,7 +167,7 @@ public function test_users_may_be_retrieved_from_cookies_with_xsrf_token_header(
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)), false)
+ ], str_repeat('a', 16), 'HS256'), false)
 );
 $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser);
@@ -196,7 +196,7 @@ public function test_cookie_xsrf_is_verified_against_csrf_token_header()
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)))
+ ], str_repeat('a', 16), 'HS256'))
 );
 $userProvider->shouldReceive('retrieveById')->never();
@@ -222,7 +222,7 @@ public function test_cookie_xsrf_is_verified_against_xsrf_token_header()
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)))
+ ], str_repeat('a', 16), 'HS256'))
 );
 $userProvider->shouldReceive('retrieveById')->never();
@@ -256,7 +256,7 @@ public function test_users_may_be_retrieved_from_cookies_with_xsrf_token_header_
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], Passport::tokenEncryptionKey($encrypter)), false)
+ ], Passport::tokenEncryptionKey($encrypter), 'HS256'), false)
 );
 $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser);
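Review bot: All nine test tokens (hunks -134, -167, -196, -222 and -256 here, and -288, -314, -344 and -443 in the following group) are now encoded with 'HS256' to match the guard, but nothing in this diff adds coverage for the behaviour the upgrade introduces: no test asserts that a cookie JWT signed with a different key or a different algorithm is rejected. A negative case modelled on test_expired_cookies_may_not_be_used, ending in `$userProvider->shouldReceive('retrieveById')->never();`, would lock in the Key pinning done in decodeJwtTokenCookie. Each test method here begins above its hunk, so the token setup is only partly visible.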
@@ -288,7 +288,7 @@ public function test_xsrf_token_cookie_without_a_token_header_is_not_accepted()
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)))
+ ], str_repeat('a', 16), 'HS256'))
 );
 $userProvider->shouldReceive('retrieveById')->never();
@@ -314,7 +314,7 @@ public function test_expired_cookies_may_not_be_used()
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->subMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)))
+ ], str_repeat('a', 16), 'HS256'))
 );
 $userProvider->shouldReceive('retrieveById')->never();
@@ -344,7 +344,7 @@ public function test_csrf_check_can_be_disabled()
 'sub' => 1,
 'aud' => 1,
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)), false)
+ ], str_repeat('a', 16), 'HS256'), false)
 );
 $userProvider->shouldReceive('retrieveById')->with(1)->andReturn($expectedUser = new TokenGuardTestUser);
@@ -443,7 +443,7 @@ public function test_clients_may_be_retrieved_from_cookies()
 'aud' => 1,
 'csrf' => 'token',
 'expiry' => Carbon::now()->addMinutes(10)->getTimestamp(),
- ], str_repeat('a', 16)), false)
+ ], str_repeat('a', 16), 'HS256'), false)
 );
 $clients->shouldReceive('findActive')->with(1)->andReturn($expectedClient = new TokenGuardTestClient);