diff --git a/go.mod b/go.mod
index d6360132a8..d339b477cd 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 github.com/go-redis/redis/v8 v8.11.1
 github.com/go-sql-driver/mysql v1.6.0
 github.com/go-testfixtures/testfixtures/v3 v3.6.1
- github.com/golang-jwt/jwt v3.2.2+incompatible
+ github.com/golang-jwt/jwt/v4 v4.0.0
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 github.com/golang/snappy v0.0.4 // indirect
 github.com/iancoleman/strcase v0.2.0
diff --git a/go.sum b/go.sum
index 08e84f6ff9..50a6204125 100644
--- a/go.sum
+++ b/go.sum
@@ -231,6 +231,8 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
+github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
diff --git a/pkg/integrations/integrations.go b/pkg/integrations/integrations.go
index 1f96cea887..51b759f10d 100644
--- a/pkg/integrations/integrations.go
+++ b/pkg/integrations/integrations.go
@@ -35,7 +35,7 @@ import (
 "code.vikunja.io/api/pkg/user"
 "code.vikunja.io/web"
 "code.vikunja.io/web/handler"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/labstack/echo/v4"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/models/link_sharing.go b/pkg/models/link_sharing.go
index ff85fbd211..249a0a121e 100644
--- a/pkg/models/link_sharing.go
+++ b/pkg/models/link_sharing.go
@@ -26,7 +26,7 @@ import (
 "code.vikunja.io/api/pkg/utils"
 "code.vikunja.io/web"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 "golang.org/x/crypto/bcrypt"
 "xorm.io/builder"
 "xorm.io/xorm"
diff --git a/pkg/modules/auth/auth.go b/pkg/modules/auth/auth.go
index 83495e014d..3a7e77710e 100644
--- a/pkg/modules/auth/auth.go
+++ b/pkg/modules/auth/auth.go
@@ -24,7 +24,7 @@ import (
 "code.vikunja.io/api/pkg/models"
 "code.vikunja.io/api/pkg/user"
 "code.vikunja.io/web"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/labstack/echo/v4"
 )
diff --git a/pkg/routes/api/v1/login.go b/pkg/routes/api/v1/login.go
index 2ce22b3dbd..f606769dff 100644
--- a/pkg/routes/api/v1/login.go
+++ b/pkg/routes/api/v1/login.go
@@ -27,7 +27,7 @@ import (
 user2 "code.vikunja.io/api/pkg/user"
 "code.vikunja.io/web/handler"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/labstack/echo/v4"
 )
diff --git a/pkg/routes/api/v1/token_check.go b/pkg/routes/api/v1/token_check.go
index af89c8a6ba..2c2a3f3642 100644
--- a/pkg/routes/api/v1/token_check.go
+++ b/pkg/routes/api/v1/token_check.go
@@ -20,7 +20,7 @@ import (
 "fmt"
 "code.vikunja.io/api/pkg/models"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/labstack/echo/v4"
 )
diff --git a/pkg/routes/routes.go b/pkg/routes/routes.go
index 7232fe6222..7a66c8f13f 100644
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@@ -47,6 +47,8 @@ package routes
 import (
+ "errors"
+ "fmt"
 "strings"
 "time"
@@ -73,9 +75,11 @@ import (
 "code.vikunja.io/api/pkg/version"
 "code.vikunja.io/web"
 "code.vikunja.io/web/handler"
+ "github.com/asaskevich/govalidator"
 "github.com/getsentry/sentry-go"
 sentryecho "github.com/getsentry/sentry-go/echo"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/labstack/echo/v4"
 "github.com/labstack/echo/v4/middleware"
 elog "github.com/labstack/gommon/log"
@@ -257,7 +261,27 @@ func registerAPIRoutes(a *echo.Group) {
 // ===== Routes with Authetication =====
 // Authetification
- a.Use(middleware.JWT([]byte(config.ServiceJWTSecret.GetString())))
+ a.Use(middleware.JWTWithConfig(middleware.JWTConfig{
+ // Custom parse function to make the middleware work with the github.com/golang-jwt/jwt/v4 package.
+ // See https://github.com/labstack/echo/pull/1916#issuecomment-878046299
+ ParseTokenFunc: func(auth string, c echo.Context) (interface{}, error) {
+ keyFunc := func(t *jwt.Token) (interface{}, error) {
+ if t.Method.Alg() != "HS256" {
+ return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])
+ }
+ return []byte(config.ServiceJWTSecret.GetString()), nil
+ }
+ token, err := jwt.Parse(auth, keyFunc)
+ if err != nil {
+ return nil, err
+ }
+ if !token.Valid {
+ return nil, errors.New("invalid token")
+ }
+ return token, nil
+ },
+ }))
 // Rate limit
 setupRateLimit(a, config.RateLimitKind.GetString())
diff --git a/pkg/user/user.go b/pkg/user/user.go
index 4f4cdd78d4..a97bbb5883 100644
--- a/pkg/user/user.go
+++ b/pkg/user/user.go
@@ -30,7 +30,7 @@ import (
 "code.vikunja.io/api/pkg/notifications"
 "code.vikunja.io/web"
- "github.com/golang-jwt/jwt"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/labstack/echo/v4"
 "golang.org/x/crypto/bcrypt"
 "xorm.io/xorm"
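Review bot: The signing-method guard in keyFunc compares against the bare string literal "HS256" while the code that issues the tokens is outside this hunk, so nothing keeps the accepted algorithm and the issuing algorithm in step; `if t.Method.Alg() != jwt.SigningMethodHS256.Alg() {` expresses the same check through the package's own method value and makes the enforced algorithm obvious to the reader. The ordering is the part that matters: the HMAC secret is returned only after the algorithm has been confirmed, which is what stops a token carrying a different `alg` from being checked against this key, so that check must stay ahead of the `return []byte(config.ServiceJWTSecret.GetString()), nil` line. The `if !token.Valid` branch following a nil error from `jwt.Parse` looks unreachable (Parse appears to report an invalid token through its error), so a one-line comment such as `// defense in depth: Parse already fails closed on an invalid token` would save the next reader from hunting for a path that clears Valid without an error. Note also that the secret is now read from config on every request instead of once at startup as the removed line did; fine if picking up config changes is intended, otherwise hoist it into a local above `a.Use`. registerAPIRoutes continues outside the hunk.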