diff --git a/lib/thirdpartylibs.xml b/lib/thirdpartylibs.xml
index 4e1bef9172b..ac73cb9d7af 100644
--- a/lib/thirdpartylibs.xml
+++ b/lib/thirdpartylibs.xml
@@ -299,7 +299,7 @@
     <location>php-jwt</location>
     <name>A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519</name>
     <license>BSD</license>
-    <version>5.2.0</version>
+    <version>6.0.0</version>
     <licenseversion>3-Clause</licenseversion>
   </library>
   <library>
diff --git a/mod/bigbluebuttonbn/classes/broker.php b/mod/bigbluebuttonbn/classes/broker.php
index 4310be2e802..4f17e90bc63 100644
--- a/mod/bigbluebuttonbn/classes/broker.php
+++ b/mod/bigbluebuttonbn/classes/broker.php
@@ -18,6 +18,7 @@ namespace mod_bigbluebuttonbn;
 
 use Exception;
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use mod_bigbluebuttonbn\local\config;
 
 /**
@@ -88,8 +89,7 @@ class broker {
         try {
             $decodedparameters = JWT::decode(
                 $params['signed_parameters'],
-                config::get('shared_secret'),
-                ['HS256']
+                new Key(config::get('shared_secret'), 'HS256')
             );
         } catch (Exception $e) {
             $error = 'Caught exception: ' . $e->getMessage();
diff --git a/mod/bigbluebuttonbn/classes/meeting.php b/mod/bigbluebuttonbn/classes/meeting.php
index be6c17b1621..d402cad0a24 100644
--- a/mod/bigbluebuttonbn/classes/meeting.php
+++ b/mod/bigbluebuttonbn/classes/meeting.php
@@ -21,6 +21,7 @@ use cache_store;
 use context_course;
 use core_tag_tag;
 use Exception;
+use Firebase\JWT\Key;
 use mod_bigbluebuttonbn\local\config;
 use mod_bigbluebuttonbn\local\exceptions\bigbluebutton_exception;
 use mod_bigbluebuttonbn\local\exceptions\meeting_join_exception;
@@ -432,8 +433,7 @@ class meeting {
             // Verify the authenticity of the request.
             $token = \Firebase\JWT\JWT::decode(
                 $authorization[1],
-                config::get('shared_secret'),
-                ['HS512']
+                new Key(config::get('shared_secret'), 'HS512')
             );
 
             // Get JSON string from the body.
diff --git a/mod/lti/classes/local/ltiopenid/registration_helper.php b/mod/lti/classes/local/ltiopenid/registration_helper.php
index bbbe9a3d160..5889ee78e7d 100644
--- a/mod/lti/classes/local/ltiopenid/registration_helper.php
+++ b/mod/lti/classes/local/ltiopenid/registration_helper.php
@@ -28,6 +28,7 @@ defined('MOODLE_INTERNAL') || die;
 require_once($CFG->dirroot . '/mod/lti/locallib.php');
 use Firebase\JWT\JWK;
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use stdClass;
 
 /**
@@ -371,8 +372,9 @@ class registration_helper {
      */
     public function validate_registration_token(string $registrationtokenjwt): array {
         global $DB;
+        // JWK::parseKeySet uses RS256 algorithm by default.
         $keys = JWK::parseKeySet(jwks_helper::get_jwks());
-        $registrationtoken = JWT::decode($registrationtokenjwt, $keys, ['RS256']);
+        $registrationtoken = JWT::decode($registrationtokenjwt, $keys);
         $response = [];
         // Get clientid from registrationtoken.
         $clientid = $registrationtoken->sub;
diff --git a/mod/lti/locallib.php b/mod/lti/locallib.php
index f3296248daf..54925f9ba0e 100644
--- a/mod/lti/locallib.php
+++ b/mod/lti/locallib.php
@@ -55,6 +55,7 @@ use mod_lti\helper;
 use moodle\mod\lti as lti;
 use Firebase\JWT\JWT;
 use Firebase\JWT\JWK;
+use Firebase\JWT\Key;
 use mod_lti\local\ltiopenid\jwks_helper;
 use mod_lti\local\ltiopenid\registration_helper;
 
@@ -1360,14 +1361,16 @@ function lti_verify_with_keyset($jwtparam, $keyseturl, $clientid) {
             throw new moodle_exception('errornocachedkeysetfound', 'mod_lti');
         }
         $keysetarr = json_decode($keyset, true);
+        // JWK::parseKeySet uses RS256 algorithm by default.
         $keys = JWK::parseKeySet($keysetarr);
-        $jwt = JWT::decode($jwtparam, $keys, ['RS256']);
+        $jwt = JWT::decode($jwtparam, $keys);
     } catch (Exception $e) {
         // Something went wrong, so attempt to update cached keyset and then try again.
         $keyset = file_get_contents($keyseturl);
         $keysetarr = json_decode($keyset, true);
+        // JWK::parseKeySet uses RS256 algorithm by default.
         $keys = JWK::parseKeySet($keysetarr);
-        $jwt = JWT::decode($jwtparam, $keys, ['RS256']);
+        $jwt = JWT::decode($jwtparam, $keys);
         // If sucessful, updates the cached keyset.
         $cache->set($clientid, $keyset);
     }
@@ -1414,7 +1417,7 @@ function lti_verify_jwt_signature($typeid, $consumerkey, $jwtparam) {
             throw new moodle_exception('No public key configured');
         }
         // Attemps to verify jwt with RSA key.
-        JWT::decode($jwtparam, $publickey, ['RS256']);
+        JWT::decode($jwtparam, new Key($publickey, 'RS256'));
     } else if ($typeconfig['keytype'] === LTI_JWK_KEYSET) {
         $keyseturl = $typeconfig['publickeyset'] ?? '';
         if (empty($keyseturl)) {