diff --git a/go.mod b/go.mod
index 16839f8..e2ed351 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 	github.com/charmbracelet/ssh v0.0.0-20221117183211-483d43d97103
 	github.com/charmbracelet/wish v1.1.1
 	github.com/dgraph-io/badger/v3 v3.2103.2
-	github.com/go-jose/go-jose v2.6.2+incompatible
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/uuid v1.3.0
 	github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115
@@ -32,6 +31,7 @@ require (
 	goji.io v2.0.2+incompatible
 	golang.org/x/crypto v0.21.0
 	golang.org/x/sync v0.6.0
+	gopkg.in/go-jose/go-jose.v2 v2.6.2
 	modernc.org/sqlite v1.29.2
 )
 
@@ -83,7 +83,6 @@ require (
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
-	gopkg.in/go-jose/go-jose.v2 v2.6.2 // indirect
 	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
 	modernc.org/libc v1.41.0 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
diff --git a/go.sum b/go.sum
index 19e839a..7bf6f24 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,6 @@ github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-jose/go-jose v2.6.2+incompatible h1:X6pNb5PAs58olW3wThjNqIEh3CfyV+21e/cW+wQrwBU=
-github.com/go-jose/go-jose v2.6.2+incompatible/go.mod h1:coBhWG9DQz8V/JlBMg3LkUGnarUaxjQlWQUUv9Cv7tw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
diff --git a/server/http.go b/server/http.go
index 20f9c21..c9ded6a 100644
--- a/server/http.go
+++ b/server/http.go
@@ -19,12 +19,12 @@ import (
 	charm "github.com/charmbracelet/charm/proto"
 	"github.com/charmbracelet/charm/server/db"
 	"github.com/charmbracelet/charm/server/storage"
-	"github.com/go-jose/go-jose"
 	"github.com/meowgorithm/babylogger"
 	"goji.io"
 	"goji.io/pat"
 	"goji.io/pattern"
 	"golang.org/x/sync/errgroup"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 
 const resultsPerPage = 50
diff --git a/server/jwk.go b/server/jwk.go
index 779cd41..4b91754 100644
--- a/server/jwk.go
+++ b/server/jwk.go
@@ -5,7 +5,7 @@ import (
 	"crypto/sha256"
 	"fmt"
 
-	jose "github.com/go-jose/go-jose"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 
 // JSONWebKeyPair holds the ED25519 private key and JSON Web Key used in JWT
diff --git a/server/middleware.go b/server/middleware.go
index 9dc3d45..7ad64c2 100644
--- a/server/middleware.go
+++ b/server/middleware.go
@@ -2,12 +2,12 @@ package server
 
 import (
 	"context"
-	"crypto"
 	"fmt"
 	"net/http"
 	"strings"
 
 	"github.com/charmbracelet/log"
+	"gopkg.in/go-jose/go-jose.v2"
 
 	jwtmiddleware "github.com/auth0/go-jwt-middleware/v2"
 	"github.com/auth0/go-jwt-middleware/v2/validator"
@@ -65,7 +65,7 @@ func PublicPrefixesMiddleware(prefixes []string) func(http.Handler) http.Handler
 
 // JWTMiddleware creates a new middleware function that will validate JWT
 // tokens based on the supplied public key.
-func JWTMiddleware(pk crypto.PublicKey, iss string, aud []string) (func(http.Handler) http.Handler, error) {
+func JWTMiddleware(pk jose.JSONWebKey, iss string, aud []string) (func(http.Handler) http.Handler, error) {
 	jm, err := jwtMiddlewareImpl(pk, iss, aud)
 	if err != nil {
 		return nil, err
@@ -134,9 +134,12 @@ func charmIDFromRequest(r *http.Request) (string, error) {
 	return sub, nil
 }
 
-func jwtMiddlewareImpl(pk crypto.PublicKey, iss string, aud []string) (func(http.Handler) http.Handler, error) {
-	kf := func(ctx context.Context) (interface{}, error) {
-		return pk, nil
+func jwtMiddlewareImpl(pk jose.JSONWebKey, iss string, aud []string) (func(http.Handler) http.Handler, error) {
+	kf := func(context.Context) (interface{}, error) {
+		jwks := jose.JSONWebKeySet{
+			Keys: []jose.JSONWebKey{pk},
+		}
+		return &jwks, nil
 	}
 	v, err := validator.New(
 		kf,