diff --git a/custom/lib/Auth.php b/custom/lib/Auth.php
index 3c1c477..7921b00 100644
--- a/custom/lib/Auth.php
+++ b/custom/lib/Auth.php
@@ -36,7 +36,7 @@ public function __construct(private string $appId, private Configuration $config
             $httpClient,
             $httpFactory,
             $cacheItemPool,
-            null,
+            60 * 60 * 24, // expires in 24 hours
             true
         );
     }
@@ -56,19 +56,12 @@ public function validateJwt(string $jwt): string
             throw new InvalidArgumentException('JWT is required');
         }
-        $jwtSegments = explode('.', $jwt);
-        if (count($jwtSegments) !== 3) {
-            throw new InvalidArgumentException('Invalid JWT format');
-        }
-
-        $decodedHeader = JWT::urlsafeB64Decode($jwtSegments[0]);
-        $header = json_decode($decodedHeader);
+        $decodedToken = JWT::decode($jwt, $this->jwks);
-        if (!$header->kid) {
-            throw new InvalidArgumentException('Missing kid in token');
+        if (!in_array($this->appId, $decodedToken->aud)) {
+            throw new UnexpectedValueException('JWT audience does not match');
         }
-        $decodedToken = JWT::decode($jwt, $this->jwks);
         $userId = $decodedToken->sub;
         if (!$userId) {
diff --git a/custom/test/AuthTest.php b/custom/test/AuthTest.php
index 55361ed..c7a7c83 100644
--- a/custom/test/AuthTest.php
+++ b/custom/test/AuthTest.php
@@ -3,7 +3,7 @@ namespace Passage\Test;
 use Dotenv\Dotenv;
-use InvalidArgumentException;
+use UnexpectedValueException;
 use PHPUnit\Framework\TestCase;
 use Passage\Client\Passage;
@@ -38,8 +38,8 @@ public function testValidateJwtValidToken()
     public function testValidateJwtInvalidTokenStructure()
     {
-        $this->expectException(InvalidArgumentException::class);
-        $this->expectExceptionMessage('Invalid JWT format');
+        $this->expectException(UnexpectedValueException::class);
+        $this->expectExceptionMessage('Wrong number of segments');
         $this->passage->auth->validateJwt('incorrect.token');
     }
 }
diff --git a/custom/test/PassageTest.php b/custom/test/PassageTest.php
index 8d0bf09..273d665 100644
--- a/custom/test/PassageTest.php
+++ b/custom/test/PassageTest.php
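Review bot: The cache lifetime `60 * 60 * 24` is a bare magic number in an argument list whose meaning is only recoverable from the trailing comment; give it a named class constant such as `private const JWKS_CACHE_TTL_SECONDS = 60 * 60 * 24;` and pass that, so the trade-off is documented where it is decided. This looks like the `expiresAfter` argument of a cached JWKS key set (presumably firebase/php-jwt's CachedKeySet — the constructor header is truncated, so confirm); with a 24-hour TTL a key withdrawn from the JWKS endpoint stays trusted for up to a day after removal, which is worth stating in the constant's comment. The `true` that follows appears to be the rate-limit flag; with it set, a lookup for an unknown kid should still trigger a refetch, so rotating in a new key is not blocked by the cache — confirm against the library version in use. The constructor's signature and body continue outside the hunk.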
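Review bot: The new audience check `in_array($this->appId, $decodedToken->aud)` assumes `aud` is present and is an array, but RFC 7519 allows `aud` to be a single string and the claim may be absent entirely; in either case PHP 8 raises a TypeError (preceded by an undefined-property warning when the claim is missing) instead of the intended UnexpectedValueException, and the loose comparison also accepts non-identical matches. Normalise and compare strictly: `$aud = (array) ($decodedToken->aud ?? []);` followed by `if (!in_array($this->appId, $aud, true)) {`. Separately, JWT::decode now surfaces the library's own exception types (UnexpectedValueException and, presumably, its expiry and signature exceptions) where callers previously only saw InvalidArgumentException; add a `@throws` docblock on validateJwt listing them, or wrap them in one domain exception so callers can treat every rejected token uniformly. The method's signature and the `if (!$userId)` branch continue outside the hunk.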
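Review bot: The audience check added to validateJwt in this commit has no test: `testValidateJwtInvalidTokenStructure` only exercises the segment count via `'incorrect.token'`, and the expected message `'Wrong number of segments'` now couples the suite to firebase/php-jwt's wording rather than to this library's behaviour. Add a case that asserts `UnexpectedValueException` with message `'JWT audience does not match'` for a validly signed token whose `aud` does not contain `$this->appId` (the check runs after signature verification, so the fixture must be a real token), and consider asserting only the exception class for the malformed-token case so a library upgrade that rewords its message does not break the build.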
@@ -50,13 +50,13 @@ public function testPassageVersionHeader()
     public function testConstructorWithAppId()
     {
-        $passage = new Passage('123456', '987654');
+        $passage = new Passage($this->appId, $this->apiKey);
         // Assert that the object was created successfully
         $this->assertInstanceOf(Passage::class, $passage);
         // Assert that app_id and api_key properties are correctly set
-        $this->assertEquals('123456', $passage->getAppId());
+        $this->assertEquals($this->appId, $passage->getAppId());
     }
     public function testGetApp()