diff --git a/go.mod b/go.mod
index a5012d69..574a5598 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/99designs/gqlgen v0.17.41
 	github.com/felixge/httpsnoop v1.0.4
 	github.com/fsnotify/fsnotify v1.5.1
-	github.com/golang-jwt/jwt/v4 v4.0.0
+	github.com/golang-jwt/jwt/v4 v4.5.1
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/graph-gophers/graphql-go v1.5.0
diff --git a/go.sum b/go.sum
index 2d0c67d8..9968eb92 100644
--- a/go.sum
+++ b/go.sum
@@ -99,8 +99,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
 github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0=
 github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
-github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
diff --git a/plugins/auth_jwt.go b/plugins/auth_jwt.go
index 65ad1c80..115257d2 100644
--- a/plugins/auth_jwt.go
+++ b/plugins/auth_jwt.go
@@ -9,6 +9,7 @@ import (
 	log "log/slog"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/go-jose/go-jose/v4"
 	"github.com/golang-jwt/jwt/v4"
@@ -109,7 +110,7 @@ func (p *JWTPlugin) Configure(cfg *bramble.Config, data json.RawMessage) error {
 }
 
 type Claims struct {
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 	Role string
 }
 
@@ -159,18 +160,18 @@ func (p *JWTPlugin) ApplyMiddlewarePublicMux(h http.Handler) http.Handler {
 
 		ctx := r.Context()
 		ctx = bramble.AddPermissionsToContext(ctx, role)
-		ctx = addStandardJWTClaimsToOutgoingRequest(ctx, claims.StandardClaims)
+		ctx = addStandardJWTClaimsToOutgoingRequest(ctx, claims.RegisteredClaims)
 		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Role", claims.Role)
 		h.ServeHTTP(rw, r.WithContext(ctx))
 	})
 }
 
-func addStandardJWTClaimsToOutgoingRequest(ctx context.Context, claims jwt.StandardClaims) context.Context {
-	if claims.Audience != "" {
-		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Audience", claims.Audience)
+func addStandardJWTClaimsToOutgoingRequest(ctx context.Context, claims jwt.RegisteredClaims) context.Context {
+	if len(claims.Audience) > 0 {
+		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Audience", strings.Join(claims.Audience, ","))
 	}
-	if claims.Id != "" {
-		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-ID", claims.Id)
+	if claims.ID != "" {
+		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-ID", claims.ID)
 	}
 	if claims.Issuer != "" {
 		ctx = bramble.AddOutgoingRequestsHeaderToContext(ctx, "JWT-Claim-Issuer", claims.Issuer)
diff --git a/plugins/auth_jwt_test.go b/plugins/auth_jwt_test.go
index b73fb60a..b4c00178 100644
--- a/plugins/auth_jwt_test.go
+++ b/plugins/auth_jwt_test.go
@@ -69,9 +69,9 @@ func TestJWTPlugin(t *testing.T) {
 
 	token, err := jwt.NewWithClaims(jwt.SigningMethodRS256, &Claims{
 		Role: "basic_role",
-		StandardClaims: jwt.StandardClaims{
-			Audience: "test-audience",
-			Id:       "test-id",
+		RegisteredClaims: jwt.RegisteredClaims{
+			Audience: jwt.ClaimStrings{"test-audience"},
+			ID:       "test-id",
 			Issuer:   "test-issuer",
 			Subject:  "test-subject",
 		},
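Review bot: `strings.Join(claims.Audience, ",")` in addStandardJWTClaimsToOutgoingRequest changes the JWT-Claim-Audience header from a single value to a comma-joined list, and an audience value that itself contains a comma becomes indistinguishable from two values to any downstream service that splits the header on ",". Because v4's ClaimStrings also accepts an `aud` encoded as a JSON array, tokens that the v4.0.0 string field rejected at unmarshal time are now accepted and forwarded, so this is a wire-contract change worth recording with a comment above the join such as `// aud may be a list in jwt/v4; forwarded comma-joined, so a comma inside one audience value is ambiguous to consumers`. Separately, nothing in this hunk checks that the gateway itself is among the audiences — RegisteredClaims.Valid() in jwt/v4 verifies exp/iat/nbf but not `aud` — so if the plugin is meant to accept only tokens minted for it, an explicit `claims.VerifyAudience(expected, true)` belongs where the token is parsed; that code is outside the hunk and may already exist. ApplyMiddlewarePublicMux starts outside the hunk and addStandardJWTClaimsToOutgoingRequest continues past it.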
@@ -104,8 +104,8 @@ func TestJWTPlugin(t *testing.T) {
 	require.NoError(t, err)
 
 	token, err := jwt.NewWithClaims(jwt.SigningMethodRS256, &Claims{
-		StandardClaims: jwt.StandardClaims{
-			ExpiresAt: time.Now().Add(-1 * time.Second).Unix(),
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(-1 * time.Second)),
 		},
 		Role: "basic_role",
 	}).SignedString(privateKey)
@@ -182,9 +182,9 @@ func TestJWTPlugin(t *testing.T) {
 
 	token := jwt.NewWithClaims(jwt.SigningMethodRS256, &Claims{
 		Role: "basic_role",
-		StandardClaims: jwt.StandardClaims{
-			Audience: "test-audience",
-			Id:       "test-id",
+		RegisteredClaims: jwt.RegisteredClaims{
+			Audience: jwt.ClaimStrings{"test-audience"},
+			ID:       "test-id",
 			Issuer:   "test-issuer",
 			Subject:  "test-subject",
 		},
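Review bot: The test still sets a single-element `jwt.ClaimStrings{"test-audience"}`, so the comma-joining path in addStandardJWTClaimsToOutgoingRequest — the only genuinely new behaviour in this change — is exercised only in the one-value case and the JWT-Claim-Audience wire format for multi-valued tokens is not pinned. A second case with `Audience: jwt.ClaimStrings{"aud-a", "aud-b"}` asserting the forwarded header equals `"aud-a,aud-b"` would lock it in, and a token whose `aud` is a JSON array (which the v4.0.0 string field rejected at unmarshal time) would confirm the looser parsing is intended rather than incidental. TestJWTPlugin starts and ends outside the hunk, so the existing assertions on the forwarded headers are not visible here.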