diff --git a/package.json b/package.json
index 730bd4106dad..6b5f3ac3f9b8 100644
--- a/package.json
+++ b/package.json
@@ -269,7 +269,6 @@
     "json-stable-stringify": "^1.0.1",
     "json-stringify-pretty-compact": "1.2.0",
     "json-stringify-safe": "5.0.1",
-    "jsonwebtoken": "^8.5.1",
     "jsts": "^1.6.2",
     "kea": "^2.4.2",
     "leaflet": "1.5.1",
@@ -554,7 +553,6 @@
     "@types/jsdom": "^16.2.3",
     "@types/json-stable-stringify": "^1.0.32",
     "@types/json5": "^0.0.30",
-    "@types/jsonwebtoken": "^8.5.5",
     "@types/license-checker": "15.0.0",
     "@types/listr": "^0.14.0",
     "@types/loader-utils": "^1.1.3",
@@ -663,7 +661,6 @@
     "babel-plugin-styled-components": "^1.10.7",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
     "backport": "^5.6.6",
-    "base64url": "^3.0.1",
     "callsites": "^3.1.0",
     "chai": "3.5.0",
     "chance": "1.0.18",
diff --git a/x-pack/test/security_api_integration/fixtures/oidc/oidc_tools.ts b/x-pack/test/security_api_integration/fixtures/oidc/oidc_tools.ts
index 8d078994eb0e..3db2e2ebdce0 100644
--- a/x-pack/test/security_api_integration/fixtures/oidc/oidc_tools.ts
+++ b/x-pack/test/security_api_integration/fixtures/oidc/oidc_tools.ts
@@ -5,10 +5,8 @@
  * 2.0.
  */
 
-import base64url from 'base64url';
-import { createHash } from 'crypto';
+import { createHash, createSign } from 'crypto';
 import fs from 'fs';
-import jwt from 'jsonwebtoken';
 import url from 'url';
 
 export function getStateAndNonce(urlWithStateAndNonce: string) {
@@ -16,16 +14,20 @@ export function getStateAndNonce(urlWithStateAndNonce: string) {
   return { state: parsedQuery.state as string, nonce: parsedQuery.nonce as string };
 }
 
-export function createTokens(userId: string, nonce: string) {
-  const signingKey = fs.readFileSync(require.resolve('./jwks_private.pem'));
-  const iat = Math.floor(Date.now() / 1000);
+function fromBase64(base64: string) {
+  return base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+}
 
+export function createTokens(userId: string, nonce: string) {
+  const idTokenHeader = fromBase64(
+    Buffer.from(JSON.stringify({ alg: 'RS256' })).toString('base64')
+  );
+
+  const iat = Math.floor(Date.now() / 1000);
   const accessToken = `valid-access-token${userId}`;
   const accessTokenHashBuffer = createHash('sha256').update(accessToken).digest();
-
-  return {
-    accessToken,
-    idToken: jwt.sign(
+  const idTokenBody = fromBase64(
+    Buffer.from(
       JSON.stringify({
         iss: 'https://test-op.elastic.co',
         sub: `user${userId}`,
@@ -34,10 +36,19 @@ export function createTokens(userId: string, nonce: string) {
         exp: iat + 3600,
         iat,
         // See more details on `at_hash` at https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
-        at_hash: base64url(accessTokenHashBuffer.slice(0, accessTokenHashBuffer.length / 2)),
-      }),
-      signingKey,
-      { algorithm: 'RS256' }
-    ),
-  };
+        at_hash: fromBase64(
+          accessTokenHashBuffer.slice(0, accessTokenHashBuffer.length / 2).toString('base64')
+        ),
+      })
+    ).toString('base64')
+  );
+
+  const idToken = `${idTokenHeader}.${idTokenBody}`;
+
+  const signingKey = fs.readFileSync(require.resolve('./jwks_private.pem'));
+  const idTokenSignature = fromBase64(
+    createSign('RSA-SHA256').update(idToken).sign(signingKey, 'base64')
+  );
+
+  return { accessToken, idToken: `${idToken}.${idTokenSignature}` };
 }
diff --git a/yarn.lock b/yarn.lock
index c7b0ac6f80e4..e2f8481a1509 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5409,13 +5409,6 @@
   resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.30.tgz#44cb52f32a809734ca562e685c6473b5754a7818"
   integrity sha512-sqm9g7mHlPY/43fcSNrCYfOeX9zkTTK+euO5E6+CVijSMm5tTjkVdwdqRkY3ljjIAf8679vps5jKUoJBCLsMDA==
 
-"@types/jsonwebtoken@^8.5.5":
-  version "8.5.5"
-  resolved "https://registry.yarnpkg.com/@types/jsonwebtoken/-/jsonwebtoken-8.5.5.tgz#da5f2f4baee88f052ef3e4db4c1a0afb46cff22c"
-  integrity sha512-OGqtHQ7N5/Ap/TUwO6IgHDuLiAoTmHhGpNvgkCm/F4N6pKzx/RBSfr2OXZSwC6vkfnsEdb6+7DNZVtiXiwdwFw==
-  dependencies:
-    "@types/node" "*"
-
 "@types/keyv@*":
   version "3.1.1"
   resolved "https://registry.yarnpkg.com/@types/keyv/-/keyv-3.1.1.tgz#e45a45324fca9dab716ab1230ee249c9fb52cfa7"
@@ -8298,7 +8291,7 @@ base64-js@^1.0.2, base64-js@^1.1.2, base64-js@^1.2.0, base64-js@^1.3.0, base64-j
   resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1"
   integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==
 
-base64url@^3.0.0, base64url@^3.0.1:
+base64url@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
   integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
@@ -17769,7 +17762,7 @@ jsonparse@^1.2.0:
   resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280"
   integrity sha1-P02uSpH6wxX3EGL4UhzCOfE2YoA=
 
-jsonwebtoken@^8.3.0, jsonwebtoken@^8.5.1:
+jsonwebtoken@^8.3.0:
   version "8.5.1"
   resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
   integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==