diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index c6c01d4ea..063e3f875 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        php-version: [8.1, 8.2, 8.3]
+        php-version: [8.1, 8.2, 8.3, 8.4]
         composer-stability: [prefer-lowest, prefer-stable]
         operating-system:
           - ubuntu-latest
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7090fce13..0d76a2fa1 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,7 +11,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php: [8.1, 8.2, 8.3]
+        php: [8.1, 8.2, 8.3, 8.4]
         os: [ubuntu-22.04]
         stability: [prefer-lowest, prefer-stable]
 
diff --git a/composer.json b/composer.json
index 9376506a2..9c81075eb 100644
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,7 @@
     "homepage": "https://oauth2.thephpleague.com/",
     "license": "MIT",
     "require": {
-        "php": "~8.1.0 || ~8.2.0 || ~8.3.0",
+        "php": "~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0",
         "ext-openssl": "*",
         "league/event": "^3.0",
         "league/uri": "^7.0",
@@ -16,9 +16,9 @@
         "psr/http-server-middleware": "^1.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^9.6.15",
-        "laminas/laminas-diactoros": "^3.3.0",
-        "phpstan/phpstan": "^1.10.55",
+        "phpunit/phpunit": "^9.6.21",
+        "laminas/laminas-diactoros": "^3.5",
+        "phpstan/phpstan": "^1.12",
         "phpstan/phpstan-phpunit": "^1.3.15",
         "roave/security-advisories": "dev-master",
         "phpstan/extension-installer": "^1.3.1",
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
index 6e471456d..b7b0aa4d6 100644
--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -33,4 +33,5 @@
     <rule ref="SlevomatCodingStandard.TypeHints.PropertyTypeHint" />
     <rule ref="SlevomatCodingStandard.Commenting.EmptyComment" />
     <rule ref="SlevomatCodingStandard.Classes.RequireConstructorPropertyPromotion" />
+    <rule ref="SlevomatCodingStandard.TypeHints.NullableTypeForNullDefaultValue" />
 </ruleset>
diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index 9eff92456..24a38d3fe 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -33,7 +33,7 @@ class OAuthServerException extends Exception
     /**
      * Throw a new exception.
      */
-    final public function __construct(string $message, int $code, private string $errorType, private int $httpStatusCode = 400, private ?string $hint = null, private ?string $redirectUri = null, Throwable $previous = null)
+    final public function __construct(string $message, int $code, private string $errorType, private int $httpStatusCode = 400, private ?string $hint = null, private ?string $redirectUri = null, ?Throwable $previous = null)
     {
         parent::__construct($message, $code, $previous);
         $this->payload = [
@@ -88,7 +88,7 @@ public static function unsupportedGrantType(): static
     /**
      * Invalid request error.
      */
-    public static function invalidRequest(string $parameter, ?string $hint = null, Throwable $previous = null): static
+    public static function invalidRequest(string $parameter, ?string $hint = null, ?Throwable $previous = null): static
     {
         $errorMessage = 'The request is missing a required parameter, includes an invalid parameter value, ' .
             'includes a parameter more than once, or is otherwise malformed.';
@@ -141,7 +141,7 @@ public static function invalidCredentials(): static
      *
      * @codeCoverageIgnore
      */
-    public static function serverError(string $hint, Throwable $previous = null): static
+    public static function serverError(string $hint, ?Throwable $previous = null): static
     {
         return new static(
             'The authorization server encountered an unexpected condition which prevented it from fulfilling'
@@ -158,7 +158,7 @@ public static function serverError(string $hint, Throwable $previous = null): st
     /**
      * Invalid refresh token.
      */
-    public static function invalidRefreshToken(?string $hint = null, Throwable $previous = null): static
+    public static function invalidRefreshToken(?string $hint = null, ?Throwable $previous = null): static
     {
         return new static('The refresh token is invalid.', 8, 'invalid_grant', 400, $hint, null, $previous);
     }
@@ -166,7 +166,7 @@ public static function invalidRefreshToken(?string $hint = null, Throwable $prev
     /**
      * Access denied.
      */
-    public static function accessDenied(?string $hint = null, ?string $redirectUri = null, Throwable $previous = null): static
+    public static function accessDenied(?string $hint = null, ?string $redirectUri = null, ?Throwable $previous = null): static
     {
         return new static(
             'The resource owner or authorization server denied the request.',
@@ -207,7 +207,7 @@ public function getErrorType(): string
      *
      * @return static
      */
-    public static function expiredToken(?string $hint = null, Throwable $previous = null): static
+    public static function expiredToken(?string $hint = null, ?Throwable $previous = null): static
     {
         $errorMessage = 'The `device_code` has expired and the device ' .
                         'authorization session has concluded.';
@@ -215,7 +215,7 @@ public static function expiredToken(?string $hint = null, Throwable $previous =
         return new static($errorMessage, 11, 'expired_token', 400, $hint, null, $previous);
     }
 
-    public static function authorizationPending(string $hint = '', Throwable $previous = null): static
+    public static function authorizationPending(string $hint = '', ?Throwable $previous = null): static
     {
         return new static(
             'The authorization request is still pending as the end user ' .
@@ -236,7 +236,7 @@ public static function authorizationPending(string $hint = '', Throwable $previo
      *
      * @return static
      */
-    public static function slowDown(string $hint = '', Throwable $previous = null): static
+    public static function slowDown(string $hint = '', ?Throwable $previous = null): static
     {
         return new static(
             'The authorization request is still pending and polling should ' .
diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index ea0064c3b..5ab81ff77 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -243,7 +243,7 @@ protected function validateRedirectUri(
      *
      * @return ScopeEntityInterface[]
      */
-    public function validateScopes(string|array|null $scopes, string $redirectUri = null): array
+    public function validateScopes(string|array|null $scopes, ?string $redirectUri = null): array
     {
         if ($scopes === null) {
             $scopes = [];
diff --git a/src/ResourceServer.php b/src/ResourceServer.php
index e89e8d24a..102466fd6 100644
--- a/src/ResourceServer.php
+++ b/src/ResourceServer.php
@@ -22,19 +22,15 @@ class ResourceServer
 {
     private CryptKeyInterface $publicKey;
 
-    private ?AuthorizationValidatorInterface $authorizationValidator = null;
-
     public function __construct(
         private AccessTokenRepositoryInterface $accessTokenRepository,
         CryptKeyInterface|string $publicKey,
-        AuthorizationValidatorInterface $authorizationValidator = null
+        private ?AuthorizationValidatorInterface $authorizationValidator = null
     ) {
         if ($publicKey instanceof CryptKeyInterface === false) {
             $publicKey = new CryptKey($publicKey);
         }
         $this->publicKey = $publicKey;
-
-        $this->authorizationValidator = $authorizationValidator;
     }
 
     protected function getAuthorizationValidator(): AuthorizationValidatorInterface