diff --git a/app/controllers/browse_everything/providers_controller.rb b/app/controllers/browse_everything/providers_controller.rb
index 6777e678..4bab6ef4 100644
--- a/app/controllers/browse_everything/providers_controller.rb
+++ b/app/controllers/browse_everything/providers_controller.rb
@@ -82,7 +82,7 @@ def build_json_web_token(authorization)
 }
 # @todo This needs to be shared with the client
- JWT.encode(payload, 'secret', 'none')
+ JWT.encode(payload, Rails.application.secrets.secret_key_base, 'HS256')
 end
 end
 end
diff --git a/app/controllers/concerns/browse_everything/controller/authorizable.rb b/app/controllers/concerns/browse_everything/controller/authorizable.rb
index 330408ad..c0f7f6a8 100644
--- a/app/controllers/concerns/browse_everything/controller/authorizable.rb
+++ b/app/controllers/concerns/browse_everything/controller/authorizable.rb
@@ -32,8 +32,7 @@ def token_data
 def json_web_tokens
 return [] unless token_data
- # @todo This needs to be shared with the client
- @json_web_tokens ||= JWT.decode(token_data, 'secret', false)
+ @json_web_tokens ||= JWT.decode(token_data, Rails.application.secrets.secret_key_base, false, { algorithm: 'HS256' })
 end
 # @return [Array] the set of serialized Authorizations transmitted
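Review bot: The `# @todo This needs to be shared with the client` line left above the new `JWT.encode` call in `build_json_web_token` now reads as an instruction to hand `secret_key_base` to the browser; an HS256 key has to stay server-side, so drop the comment here as the authorizable.rb hunk already does. Signing with `secret_key_base` itself also ties the tokens to the root secret Rails derives its cookie keys from; a purpose-specific key, for example `Rails.application.key_generator.generate_key('browse_everything/jwt')` (the salt string is illustrative), gives key separation, provided the decode side uses the same derivation. `Rails.application.secrets` is deprecated from Rails 7.1, and `Rails.application.secret_key_base` is the forward-compatible accessor. The payload is built outside the hunk, so whether it carries an `exp` claim cannot be checked from here.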
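Review bot: The third positional argument to `JWT.decode` in `json_web_tokens` is still `false`, which in ruby-jwt switches verification off, so the key and the `algorithm: 'HS256'` option added here are never applied and a token with an altered payload or an `alg` of `none` still decodes. It should be `JWT.decode(token_data, Rails.application.secrets.secret_key_base, true, { algorithm: 'HS256' })`. With verification on, a bad signature or an expired token raises `JWT::DecodeError`, so the method (or its caller, which is not visible in this hunk) needs to rescue it and treat the request as unauthenticated rather than let it surface as a 500. A request spec that submits a token signed with a different key and expects rejection would pin this behaviour.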