diff --git a/.changes/nextrelease/bugfix-tokenprovider-cache.json b/.changes/nextrelease/bugfix-tokenprovider-cache.json
new file mode 100644
index 0000000000..4495e1b051
--- /dev/null
+++ b/.changes/nextrelease/bugfix-tokenprovider-cache.json
@@ -0,0 +1,7 @@
+[
+  {
+    "type": "bugfix",
+    "category": "Token",
+    "description": "Fixes bug in `TokenProvider::cache()` where tokens are incorrectly written to the cache."
+  }
+]
diff --git a/src/Token/TokenProvider.php b/src/Token/TokenProvider.php
index 198ad877ee..acc0057749 100644
--- a/src/Token/TokenProvider.php
+++ b/src/Token/TokenProvider.php
@@ -212,7 +212,7 @@ public static function cache(
                 ) {
                     $cache->set(
                         $cacheKey,
-                        $token,
+                        ['token' => $token],
                         null === $token->getExpiration() ?
                             0 : $token->getExpiration() - time()
                     );
@@ -269,4 +269,3 @@ public static function sso(
         return new SsoTokenProvider($profileName, $filename, $ssoClient);
     }
 }
-
diff --git a/tests/Token/TokenProviderTest.php b/tests/Token/TokenProviderTest.php
index 2ee03e49b3..534b934b2d 100644
--- a/tests/Token/TokenProviderTest.php
+++ b/tests/Token/TokenProviderTest.php
@@ -1,15 +1,15 @@
 <?php
 namespace Aws\Test\Token;
 
-use Aws\Exception\TokenException;
 use Aws\LruArrayCache;
 use Aws\Result;
-use Aws\SSOOIDC\SSOOIDCClient;
 use Aws\Test\UsesServiceTrait;
 use Aws\Token\SsoToken;
 use Aws\Token\SsoTokenProvider;
 use Aws\Token\Token;
+use Aws\Token\TokenInterface;
 use Aws\Token\TokenProvider;
+use GuzzleHttp\Promise;
 use Yoast\PHPUnitPolyfills\TestCases\TestCase;
 
 require_once __DIR__ . '/../Token/token_hack.php';
@@ -422,4 +422,35 @@ public function testTokenProviderFailureCases($cachedToken, $expectedException)
         $this->assertSame($token->getToken(), $found->getToken());
         $this->assertEquals($token->getExpiration(), $found->getExpiration());
     }
+
+    public function testCacheWritesAndReadsCorrectFormat()
+    {
+        $cache = new LruArrayCache;
+        $key = 'test_write_read';
+        $token = new Token('test-token', strtotime('+1 hour'));
+        $providerCallCount = 0;
+
+        $provider = function() use ($token, &$providerCallCount) {
+            $providerCallCount++;
+            return Promise\Create::promiseFor($token);
+        };
+
+        $cachedProvider = TokenProvider::cache($provider, $cache, $key);
+
+        // First call should invoke provider and write to cache
+        $result1 = $cachedProvider()->wait();
+        $this->assertEquals(1, $providerCallCount);
+        $this->assertEquals('test-token', $result1->getToken());
+
+        // Verify cache structure
+        $cachedValue = $cache->get($key);
+        $this->assertIsArray($cachedValue, 'Cache should store an array');
+        $this->assertArrayHasKey('token', $cachedValue, 'Cached array should have token key');
+        $this->assertInstanceOf(TokenInterface::class, $cachedValue['token']);
+
+        // Second call should use cache without invoking provider
+        $result2 = $cachedProvider()->wait();
+        $this->assertEquals(1, $providerCallCount, 'Provider should not be called again');
+        $this->assertEquals('test-token', $result2->getToken());
+    }
 }