diff --git a/src/app/Observers/TokenObserver.php b/src/app/Observers/TokenObserver.php
--- a/src/app/Observers/TokenObserver.php
+++ b/src/app/Observers/TokenObserver.php
@@ -9,9 +9,9 @@
     public function creating(Token $token): void
     {
         $scopes = $token->scopes;
-        $allowedScopes = $token->client->getAllowedScopes();
+        $allowedScopes = (\App\PassportClient)($token->client)->getAllowedScopes();
         if (!empty($allowedScopes)) {
-            $scopes = array_intersect($scopes, $token->client->getAllowedScopes());
+            $scopes = array_intersect($scopes, (\App\PassportClient)($token->client)->getAllowedScopes());
         }
         $scopes = array_unique($scopes, SORT_REGULAR);
         $token->scopes = $scopes;
diff --git a/src/app/PassportClient.php b/src/app/PassportClient.php
--- a/src/app/PassportClient.php
+++ b/src/app/PassportClient.php
@@ -9,14 +9,10 @@
  */
 class PassportClient extends \Laravel\Passport\Client
 {
-    public function __construct(array $attributes = [])
-    {
-        $this->mergeCasts([
-            'allowed_scopes' => 'array',
-        ]);
-
-        parent::__construct($attributes);
-    }
+    /** @var array<string, string> The attributes that should be cast */
+    protected $casts = [
+        'allowed_scopes' => 'array',
+    ];
 
     public function getAllowedScopes(): array
     {
diff --git a/src/config/app.php b/src/config/app.php
--- a/src/config/app.php
+++ b/src/config/app.php
@@ -278,5 +278,8 @@
     'woat_ns2' => env('WOAT_NS2', 'ns02.' . env('APP_DOMAIN')),
 
     'ratelimit_whitelist' => explode(',', env('RATELIMIT_WHITELIST', '')),
-    'companion_download_link' => env('COMPANION_DOWNLOAD_LINK', "https://mirror.apheleia-it.ch/pub/companion-app-beta.apk")
+    'companion_download_link' => env(
+        'COMPANION_DOWNLOAD_LINK',
+        "https://mirror.apheleia-it.ch/pub/companion-app-beta.apk"
+    )
 ];
diff --git a/src/resources/lang/en/ui.php b/src/resources/lang/en/ui.php
--- a/src/resources/lang/en/ui.php
+++ b/src/resources/lang/en/ui.php
@@ -69,8 +69,10 @@
         'list-empty' => "There are currently no devices",
         'delete' => "Delete/Unpair",
         'delete-companion' => "Delete/Unpair",
-        'delete-text' => "You are about to delete this entry and unpair any paired companion app. This cannot be undone, but you can re-pair the device.",
-        'pairing-successful' => "Your companion app is paired and ready to be used as multi-factor authentication device.",
+        'delete-text' => "You are about to delete this entry and unpair any paired companion app. " .
+            "This cannot be undone, but you can re-pair the device.",
+        'pairing-successful' => "Your companion app is paired and ready to be used " .
+            "as multi-factor authentication device.",
     ],
 
     'dashboard' => [
diff --git a/src/routes/api.php b/src/routes/api.php
--- a/src/routes/api.php
+++ b/src/routes/api.php
@@ -81,7 +81,8 @@
     ],
     function () {
         Route::apiResource('companions', API\V4\CompanionAppsController::class);
-        //This must not be accessible with the 2fa token to prevent an attacker from pairing a new device with a stolen token.
+        // This must not be accessible with the 2fa token,
+        // to prevent an attacker from pairing a new device with a stolen token.
         Route::get('companions/{id}/pairing', [API\V4\CompanionAppsController::class, 'pairing']);
 
         Route::apiResource('domains', API\V4\DomainsController::class);