diff --git a/src/JWT.php b/src/JWT.php
index b4815de..fc4a5b8 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -24,13 +24,13 @@ class JWT
      *   kid?: array-key,
      * }
      */
-    private $headers = [
+    private array $headers = [
         Header::ALGORITHM => null,
         Header::TYPE => 'JWT',
     ];
 
     /** @var array<mixed> */
-    private $claims = [];
+    private array $claims = [];
 
     private string $signature;
 
@@ -43,10 +43,9 @@ public function __construct(array $claims = [])
         $this->is_verified = true;
     } // __construct
 
-    /** @param int|string $keyId */
-    public function getEncoded($keyId = null): string
+    public function getEncoded(int|string|null $keyId = null): string
     {
-        list($alg, $secret, $id) = $this->keys->getKey($keyId);
+        [$alg, $secret, $id] = $this->keys->getKey($keyId);
         $this->headers[Header::ALGORITHM] = $alg;
         $this->headers[Header::KEY_ID] = $id;
 
@@ -132,8 +131,7 @@ private function authenticate(): void
         }
     }
 
-    /** @return int|string|null */
-    public function getKeyID()
+    public function getKeyID(): int|string|null
     {
         return $this->headers[Header::KEY_ID] ?? null;
     } // getKeyID
@@ -163,9 +161,6 @@ private function sign(Secret $key): string
                 throw new Exception("Unsupported algorithm");
             // use openssl_sign and friends to do the signing
         }
-        if ($data === false) { // @phpstan-ignore-line this is valid in PHP<=7.4
-            throw new UnexpectedValueException('Payload could not be hashed');
-        }
         return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
     } // sign
 
diff --git a/src/KeyContainer.php b/src/KeyContainer.php
index a65412b..0d4427c 100644
--- a/src/KeyContainer.php
+++ b/src/KeyContainer.php
@@ -8,39 +8,32 @@ class KeyContainer
 {
 
     /** @var array{Algorithm::*, Secret}[] */
-    private $keys = [];
+    private array $keys = [];
 
-    /** @var int|string|null */
-    private $default;
+    private int|string|null $default = null;
 
-    /** @var int|string|null */
-    private $last;
+    private int|string|null $last = null;
 
     /**
      * @param Algorithm::* $alg
-     * @param array-key $id
      */
-    public function addKey($id, string $alg, Secret $secret): self
+    public function addKey(int|string $id, string $alg, Secret $secret): self
     {
         $this->keys[$id] = [$alg, $secret];
         $this->last = $id;
         return $this;
     }
 
-    /**
-     * @param array-key $id
-     */
-    public function setDefaultKey($id): self
+    public function setDefaultKey(int|string $id): self
     {
         $this->default = $id;
         return $this;
     }
 
     /**
-     * @param ?array-key $id Key ID
      * @return array{Algorithm::*, Secret, string|int}
      */
-    public function getKey($id = null): array
+    public function getKey(int|string|null $id = null): array
     {
         // Prefer explicitly requested > explicit default > most recently added
         $id = $id ?? $this->default ?? $this->last;
@@ -49,7 +42,7 @@ public function getKey($id = null): array
                 "No key found with id '$id'"
             );
         }
-        list($alg, $secret) = $this->keys[$id];
+        [$alg, $secret] = $this->keys[$id];
         return [$alg, $secret, $id];
     }
 }
diff --git a/src/SessionHandler.php b/src/SessionHandler.php
index 2de2d7d..cc1040b 100644
--- a/src/SessionHandler.php
+++ b/src/SessionHandler.php
@@ -12,11 +12,9 @@ class SessionHandler implements SessionHandlerInterface
     const CLAIM = 'sd';
     const DEFAULT_COOKIE = 'jwt_sid';
 
-    /** @var string */
-    private $cookie = self::DEFAULT_COOKIE;
+    private string $cookie = self::DEFAULT_COOKIE;
 
-    /** @var KeyContainer */
-    private $secrets;
+    private KeyContainer $secrets;
 
     /** @var callable */
     private $writer = 'setcookie';
@@ -40,10 +38,7 @@ public function close(): bool
         return true;
     }
 
-    /**
-     * @param string $session_id
-     */
-    public function destroy($session_id): bool
+    public function destroy(string $session_id): bool
     {
         ($this->writer)($this->cookie, '', time()-86400); // Expire yesterday
         return true;
@@ -51,19 +46,16 @@ public function destroy($session_id): bool
 
     /**
      * No-op, interface adherence only
-     * @param int $maxlifetime
      */
-    public function gc($maxlifetime): int
+    public function gc(int $maxlifetime): int
     {
         return 0;
     }
 
     /**
      * No-op, interface adherence only
-     * @param string $save_path
-     * @param string $name
      */
-    public function open($save_path, $name): bool
+    public function open(string $save_path, string $name): bool
     {
         return true;
     }
@@ -73,11 +65,10 @@ public function open($save_path, $name): bool
      * returns the data to be natively unserialized into the $_SESSION
      * superglobal
      *
-     * @param string $session_id (unused)
      * @return string the serialized session string
      * @throws JWTException if JWT processing fails, tampering is detected, etc
      */
-    public function read($session_id): string
+    public function read(string $session_id): string
     {
         // session_id is intentionally ignored
         if (!array_key_exists($this->cookie, $_COOKIE)) {
@@ -99,12 +90,10 @@ public function read($session_id): string
     /**
      * Writes the session data to a cookie containing a signed JWT
      *
-     * @param string $session_id (unused)
-     * @param string $session_data the serialized session data
      * @throws OverflowException if there is too much session data
      * @throws JWTException if the data cannot be signed
      */
-    public function write($session_id, $session_data): bool
+    public function write(string $session_id, string $session_data): bool
     {
         $data = [
             Claim::JWT_ID => $session_id,