diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c26add8..eefd8712 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ You can find and compare releases at the GitHub release page.
 
 ### Added
 - Different TTL configurations for each guard
+- lcobucci/jwt: add array support for `aud` claim
 
 ## [2.0.0] 2022-09-08
 - No changes to 2.0.0-RC1
diff --git a/src/Providers/JWT/Lcobucci.php b/src/Providers/JWT/Lcobucci.php
index 937c2371..0a5be6e1 100644
--- a/src/Providers/JWT/Lcobucci.php
+++ b/src/Providers/JWT/Lcobucci.php
@@ -202,7 +202,11 @@ protected function addClaim($key, $value)
                 $this->builder->issuedBy($value);
                 break;
             case RegisteredClaims::AUDIENCE:
-                $this->builder->permittedFor($value);
+                if (is_array($value)) {
+                    $this->builder->permittedFor(...$value);
+                } else {
+                    $this->builder->permittedFor($value);
+                }
                 break;
             case RegisteredClaims::SUBJECT:
                 $this->builder->relatedTo($value);
diff --git a/tests/Providers/JWT/LcobucciTest.php b/tests/Providers/JWT/LcobucciTest.php
index 6413922f..31b1716e 100644
--- a/tests/Providers/JWT/LcobucciTest.php
+++ b/tests/Providers/JWT/LcobucciTest.php
@@ -231,6 +231,48 @@ public function itShouldCorrectlyInstantiateAnEcdsaSigner()
         $this->assertSame('ES256', $provider->getConfig()->signer()->algorithmId());
     }
 
+    public function testEncodeAudienceClaimString(): void
+    {
+        $payload = [
+            'aud' => 'foo',
+        ];
+
+        $dataSet = new DataSet($payload, 'payload');
+
+        $this->builder->shouldReceive('permittedFor')->once()->andReturnSelf();  // aud
+        $this->builder
+            ->shouldReceive('getToken')
+            ->once()
+            ->with(\Mockery::type(Signer::class), \Mockery::type(Key::class))
+            ->andReturn(new Token\Plain(new DataSet([], 'header'), $dataSet, new Token\Signature('', 'signature')));
+
+        /** @var Token $token */
+        $token = $this->getProvider('secret', 'HS256')->encode($payload);
+
+        $this->assertSame('header.payload.signature', $token);
+    }
+
+    public function testEncodeAudienceClaimArray(): void
+    {
+        $payload = [
+            'aud' => ['foo', 'bar'],
+        ];
+
+        $dataSet = new DataSet($payload, 'payload');
+
+        $this->builder->shouldReceive('permittedFor')->once()->andReturnSelf();  // aud
+        $this->builder
+            ->shouldReceive('getToken')
+            ->once()
+            ->with(\Mockery::type(Signer::class), \Mockery::type(Key::class))
+            ->andReturn(new Token\Plain(new DataSet([], 'header'), $dataSet, new Token\Signature('', 'signature')));
+
+        /** @var Token $token */
+        $token = $this->getProvider('secret', 'HS256')->encode($payload);
+
+        $this->assertSame('header.payload.signature', $token);
+    }
+
     public function getProvider($secret, $algo, array $keys = [])
     {
         $provider = new Lcobucci($secret, $algo, $keys);