diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go
index 38bf106..854c955 100644
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -7,6 +7,7 @@ import (
 "fmt"
 "os"
+ "gitea.local/admin/hspguard/internal/types"
 "github.com/golang-jwt/jwt/v5"
 )
@@ -63,12 +64,13 @@ func SignJwtToken(claims jwt.Claims) (string, error) {
 return s, nil
 }
-func VerifyToken(token string, claims jwt.Claims) (*jwt.Token, error) {
+func VerifyToken(token string) (*jwt.Token, *types.UserClaims, error) {
 publicKey, err := parseBase64PublicKey("JWT_PUBLIC_KEY")
 if err != nil {
- return nil, err
+ return nil, nil, err
 }
+ claims := &types.UserClaims{}
 parsed, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
 if _, ok := t.Method.(*jwt.SigningMethodECDSA); !ok {
 return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
@@ -77,13 +79,13 @@ func VerifyToken(token string, claims jwt.Claims) (*jwt.Token, error) {
 })
 if err != nil {
- return nil, fmt.Errorf("invalid token: %w", err)
+ return nil, nil, fmt.Errorf("invalid token: %w", err)
 }
 if !parsed.Valid {
- return nil, fmt.Errorf("token is not valid")
+ return nil, nil, fmt.Errorf("token is not valid")
 }
-return parsed, nil
+return parsed, claims, nil
 }
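Review bot: The `jwt.ParseWithClaims` call that now decodes into `*types.UserClaims` is given no parser options (it closes with `})` right after the key function, at the top of the next hunk), so the only algorithm restriction is the `*jwt.SigningMethodECDSA` type assertion, which accepts every ES* variant, and by default the library does not reject a token that lacks an `exp` claim. Since this function is now the single place where user claims are produced, I would pin the algorithm and require expiry in that call: `}, jwt.WithValidMethods([]string{"ES256"}), jwt.WithExpirationRequired())`, with the method name matched to whatever `SignJwtToken` actually signs with. If `UserClaims` carries an issuer or audience, `jwt.WithIssuer` / `jwt.WithAudience` belong in the same call; its definition is not visible here. The body of VerifyToken continues past this hunk.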
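Review bot: The new `return parsed, claims, nil` hands back the same `*types.UserClaims` pointer that `parsed.Claims` already holds (it is the value passed to `jwt.ParseWithClaims` in the previous hunk), and the exported function has no doc comment telling callers which of the two to read or what they receive on failure. I would add above the signature: `// VerifyToken verifies token with the key loaded from JWT_PUBLIC_KEY and returns the parsed token and its UserClaims; both are nil whenever err is non-nil.` The signature itself sits in the previous hunk, so the comment goes there.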