diff --git a/packages/amplify-graphiql-explorer/package.json b/packages/amplify-graphiql-explorer/package.json
index 194128ec0b9..06ae7f978ec 100644
--- a/packages/amplify-graphiql-explorer/package.json
+++ b/packages/amplify-graphiql-explorer/package.json
@@ -37,7 +37,7 @@
     "jest": "^29.0.0",
     "jest-resolve": "^26.0.2",
     "jest-watch-typeahead": "^1.0.0",
-    "jsonwebtoken": "^9.0.0",
+    "jsrsasign": "^10.8.6",
     "mini-css-extract-plugin": "^2.4.5",
     "postcss": "^8.4.4",
     "postcss-flexbugs-fixes": "^5.0.2",
@@ -73,6 +73,7 @@
   "devDependencies": {
     "@semantic-ui-react/css-patch": "^1.0.0",
     "@types/jest": "^29.5.1",
+    "@types/jsrsasign": "^10",
     "@types/node": "^12.12.6",
     "@types/react": "^17.0.39",
     "@types/react-dom": "^17.0.11"
diff --git a/packages/amplify-graphiql-explorer/src/utils/jwt.ts b/packages/amplify-graphiql-explorer/src/utils/jwt.ts
index 4a9184090eb..a0c32690eb7 100644
--- a/packages/amplify-graphiql-explorer/src/utils/jwt.ts
+++ b/packages/amplify-graphiql-explorer/src/utils/jwt.ts
@@ -1,12 +1,16 @@
-import { decode, sign, verify } from 'jsonwebtoken';
+import { KJUR, b64utoutf8 } from 'jsrsasign';
 
 export function generateToken(decodedToken: string | object): string {
   try {
     if (typeof decodedToken === 'string') {
       decodedToken = JSON.parse(decodedToken);
     }
-    const token = sign(decodedToken, 'open-secrete');
-    verify(token, 'open-secrete');
+    const header = { alg: 'HS256', typ: 'JWT' };
+    const token = KJUR.jws.JWS.sign('HS256', JSON.stringify(header), decodedToken, 'open-secrete');
+    const isValid = KJUR.jws.JWS.verify(token, 'open-secrete');
+    if (!isValid) {
+      throw new Error('Invalid token.');
+    }
     return token;
   } catch (e) {
     const err = new Error('Error when generating OIDC token: ' + e.message);
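Review bot: `KJUR.jws.JWS.verify(token, 'open-secrete')` on the new side passes no accepted-algorithm list, so jsrsasign takes the algorithm from the token's own header; that is harmless for a token signed on the line above, but the idiomatic call pins it, `const isValid = KJUR.jws.JWS.verify(token, 'open-secrete', ['HS256']);`, and keeps the helper safe if it is ever pointed at a token that did not originate here. Two behavioural differences from the removed jsonwebtoken calls deserve a comment next to the sign() call: jsonwebtoken added an `iat` claim to object payloads by default, as far as I recall, and jsrsasign does not, so any caller that relied on `iat` now has to supply it in `decodedToken`. I also believe jsrsasign treats an HS* key string that happens to be even-length hexadecimal as raw key bytes rather than as the literal password; the fixed 'open-secrete' is not hex, but a note such as `// HS256 secret as a literal string; an even-length hex string would be read as raw bytes` would stop a later edit from tripping over it. The catch block and the end of generateToken lie outside this hunk.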
@@ -15,7 +19,10 @@ export function generateToken(decodedToken: string | object): string {
 }
 
 export function parse(token): object {
-  const decodedToken = decode(token);
+  if (!token) {
+    return {};
+  }
+  const decodedToken = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(token.split('.')[1]));
   return decodedToken as object;
 }
 
diff --git a/yarn.lock b/yarn.lock
index 347beac700e..1253d725571 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -631,6 +631,7 @@ __metadata:
     "@testing-library/react": ^11.1.0
     "@testing-library/user-event": ^12.1.10
     "@types/jest": ^29.5.1
+    "@types/jsrsasign": ^10
     "@types/node": ^12.12.6
     "@types/react": ^17.0.39
     "@types/react-dom": ^17.0.11
@@ -662,7 +663,7 @@ __metadata:
     jest: ^29.0.0
     jest-resolve: ^26.0.2
     jest-watch-typeahead: ^1.0.0
-    jsonwebtoken: ^9.0.0
+    jsrsasign: ^10.8.6
     mini-css-extract-plugin: ^2.4.5
     postcss: ^8.4.4
     postcss-flexbugs-fixes: ^5.0.2
@@ -10073,6 +10074,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/jsrsasign@npm:^10":
+  version: 10.5.8
+  resolution: "@types/jsrsasign@npm:10.5.8"
+  checksum: 50fae7b760ad56c6e51ed859b0d89fa877398266efe9e343229a02c8a5027eaf96a3568546ff5f639ffc53cda8be3fa5031855def9e800ca5d6d245dd12dc8d1
+  languageName: node
+  linkType: hard
+
 "@types/keyv@npm:^3.1.4":
   version: 3.1.4
   resolution: "@types/keyv@npm:3.1.4"
@@ -21178,6 +21186,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"jsrsasign@npm:^10.8.6":
+  version: 10.8.6
+  resolution: "jsrsasign@npm:10.8.6"
+  checksum: 60f574594fdcd203a9204de9f1e6581e1b880f71358500a7ef62b995acc656e6dcd7f7ad055983b1cbb560ede6afc7b511e5afc88b821eea28661476067fa78e
+  languageName: node
+  linkType: hard
+
 "jstreemap@npm:^1.28.2":
   version: 1.28.2
   resolution: "jstreemap@npm:1.28.2"
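Review bot: `token.split('.')[1]` in parse is undefined whenever the token has no `.` separator, which the new `!token` guard does not catch, and `b64utoutf8(undefined)` will then throw from a function whose signature promises an `object`; `readSafeJSONString` also returns null rather than throwing when the decoded segment is not JSON, as I read jsrsasign, so `decodedToken as object` can hand null to callers. Guarding the segment and the null result keeps the contract: `const [, payload] = token.split('.');` / `if (!payload) { return {}; }` / `return (KJUR.jws.JWS.readSafeJSONString(b64utoutf8(payload)) ?? {}) as object;`. The `token` parameter is still untyped, so `token: string | undefined` would make both guards meaningful under strict mode. Since parse only decodes the payload segment and never checks the signature, a docstring should say so: `/** Decodes the payload segment of a JWT without verifying its signature; returns {} for empty or malformed input. */`.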