diff --git a/account/jwt.go b/account/jwt.go
index c7371bd..217f090 100644
--- a/account/jwt.go
+++ b/account/jwt.go
@@ -11,10 +11,10 @@ import (
 )
 
 type JWTPurpose string
-type VerifyTokenFunc func(claim jwt.RegisteredClaims) error
+type VerifyTokenFunc func(claim *jwt.RegisteredClaims) error
 
 var (
-	nopVerifyFunc VerifyTokenFunc = func(claim jwt.RegisteredClaims) error {
+	nopVerifyFunc VerifyTokenFunc = func(claim *jwt.RegisteredClaims) error {
 		return nil
 	}
 
@@ -84,7 +84,7 @@ func JWTVerifyToken(token string, domain string, privateKey ed25519.PrivateKey,
 		return nil, fmt.Errorf("%w: %s", ErrJWTUnexpectedIssuer, claim.Issuer)
 	}
 
-	err = verifyFunc(validatedToken.Claims.(jwt.RegisteredClaims))
+	err = verifyFunc(claim)
 
 	return nil, err
 }
diff --git a/api/middleware/middleware.go b/api/middleware/middleware.go
index d353a65..a807a0f 100644
--- a/api/middleware/middleware.go
+++ b/api/middleware/middleware.go
@@ -125,7 +125,7 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
 				return
 			}
 
-			claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim jwt.RegisteredClaims) error {
+			claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim *jwt.RegisteredClaims) error {
 				aud, _ := claim.GetAudience()
 
 				if slices.Contains[jwt.ClaimStrings, string](aud, string(options.Purpose)) == false {