diff --git a/connector/oauth/oauth_test.go b/connector/oauth/oauth_test.go
index 3a5ec6bf59..62cbd8d59a 100644
--- a/connector/oauth/oauth_test.go
+++ b/connector/oauth/oauth_test.go
@@ -12,9 +12,9 @@ import (
 	"sort"
 	"testing"
 
+	"github.com/go-jose/go-jose/v4"
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
-	jose "gopkg.in/square/go-jose.v2"
 
 	"github.com/dexidp/dex/connector"
 )
diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index 950d158338..fef2a1a552 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -17,8 +17,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/go-jose/go-jose/v4"
 	"github.com/sirupsen/logrus"
-	"gopkg.in/square/go-jose.v2"
 
 	"github.com/dexidp/dex/connector"
 )
diff --git a/go.mod b/go.mod
index 52cfe86993..0089a6af98 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.4
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/ghodss/yaml v1.0.0
+	github.com/go-jose/go-jose/v4 v4.0.0
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-sql-driver/mysql v1.7.1
 	github.com/gorilla/handlers v1.5.2
@@ -38,7 +39,6 @@ require (
 	google.golang.org/api v0.169.0
 	google.golang.org/grpc v1.62.0
 	google.golang.org/protobuf v1.32.0
-	gopkg.in/square/go-jose.v2 v2.6.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index 6f53e05bb4..a5c319edcf 100644
--- a/go.sum
+++ b/go.sum
@@ -65,6 +65,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
 github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-jose/go-jose/v4 v4.0.0 h1:gHOVQyfrqsagdy/Yj9PTz5HMYzr3UpYh1CcFpktmRoY=
+github.com/go-jose/go-jose/v4 v4.0.0/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A=
 github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -384,8 +386,6 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/server/handlers.go b/server/handlers.go
index 003f26b69b..5faab2c9ae 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -18,8 +18,8 @@ import (
 	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/go-jose/go-jose/v4"
 	"github.com/gorilla/mux"
-	jose "gopkg.in/square/go-jose.v2"
 
 	"github.com/dexidp/dex/connector"
 	"github.com/dexidp/dex/server/internal"
diff --git a/server/oauth2.go b/server/oauth2.go
index b72431e0e8..2f2fb74f40 100644
--- a/server/oauth2.go
+++ b/server/oauth2.go
@@ -21,7 +21,7 @@ import (
 	"strings"
 	"time"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 
 	"github.com/dexidp/dex/connector"
 	"github.com/dexidp/dex/server/internal"
@@ -669,7 +669,7 @@ type storageKeySet struct {
 }
 
 func (s *storageKeySet) VerifySignature(_ context.Context, jwt string) (payload []byte, err error) {
-	jws, err := jose.ParseSigned(jwt)
+	jws, err := jose.ParseSigned(jwt, []jose.SignatureAlgorithm{jose.RS256, jose.RS384, jose.RS512, jose.ES256, jose.ES384, jose.ES512})
 	if err != nil {
 		return nil, err
 	}
diff --git a/server/oauth2_test.go b/server/oauth2_test.go
index 1acff6518a..5b1ceff5dc 100644
--- a/server/oauth2_test.go
+++ b/server/oauth2_test.go
@@ -10,7 +10,7 @@ import (
 	"strings"
 	"testing"
 
-	"gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/memory"
diff --git a/server/rotation.go b/server/rotation.go
index 98489767e0..77a9926ee3 100644
--- a/server/rotation.go
+++ b/server/rotation.go
@@ -10,7 +10,7 @@ import (
 	"io"
 	"time"
 
-	"gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 
 	"github.com/dexidp/dex/pkg/log"
 	"github.com/dexidp/dex/storage"
diff --git a/server/server_test.go b/server/server_test.go
index f9bfa4a3ba..f39d64d3a4 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -23,13 +23,13 @@ import (
 
 	gosundheit "github.com/AppsFlyer/go-sundheit"
 	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/go-jose/go-jose/v4"
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/oauth2"
-	jose "gopkg.in/square/go-jose.v2"
 
 	"github.com/dexidp/dex/connector"
 	"github.com/dexidp/dex/connector/mock"
diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go
index 6c2cb2e476..84ad1cba5f 100644
--- a/storage/conformance/conformance.go
+++ b/storage/conformance/conformance.go
@@ -8,10 +8,10 @@ import (
 	"testing"
 	"time"
 
+	jose "github.com/go-jose/go-jose/v4"
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/bcrypt"
-	jose "gopkg.in/square/go-jose.v2"
 
 	"github.com/dexidp/dex/storage"
 )
diff --git a/storage/conformance/gen_jwks.go b/storage/conformance/gen_jwks.go
index 0447e32815..0029b9b881 100644
--- a/storage/conformance/gen_jwks.go
+++ b/storage/conformance/gen_jwks.go
@@ -1,3 +1,4 @@
+//go:build ignore
 // +build ignore
 
 // This file is used to generate static JWKs for tests.
@@ -16,7 +17,7 @@ import (
 	"os"
 	"text/template"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 )
 
 func newUUID() string {
@@ -36,7 +37,7 @@ var tmpl = template.Must(template.New("jwks.go").Parse(`
 
 package conformance
 
-import jose "gopkg.in/square/go-jose.v2"
+import jose "github.com/go-jose/go-jose/v4"
 
 type keyPair struct {
 	Public  *jose.JSONWebKey
diff --git a/storage/conformance/jwks.go b/storage/conformance/jwks.go
index 0f05703e1b..28ce5f7255 100644
--- a/storage/conformance/jwks.go
+++ b/storage/conformance/jwks.go
@@ -2,7 +2,7 @@
 
 package conformance
 
-import jose "gopkg.in/square/go-jose.v2"
+import "github.com/go-jose/go-jose/v4"
 
 type keyPair struct {
 	Public  *jose.JSONWebKey
diff --git a/storage/ent/db/keys.go b/storage/ent/db/keys.go
index ff84655e77..d25fb6fb0a 100644
--- a/storage/ent/db/keys.go
+++ b/storage/ent/db/keys.go
@@ -12,7 +12,7 @@ import (
 	"entgo.io/ent/dialect/sql"
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/ent/db/keys"
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 )
 
 // Keys is the model entity for the Keys schema.
diff --git a/storage/ent/db/keys_create.go b/storage/ent/db/keys_create.go
index e60c973e6b..a5337ca700 100644
--- a/storage/ent/db/keys_create.go
+++ b/storage/ent/db/keys_create.go
@@ -12,7 +12,7 @@ import (
 	"entgo.io/ent/schema/field"
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/ent/db/keys"
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 )
 
 // KeysCreate is the builder for creating a Keys entity.
diff --git a/storage/ent/db/keys_update.go b/storage/ent/db/keys_update.go
index d31ce8c86e..870526e313 100644
--- a/storage/ent/db/keys_update.go
+++ b/storage/ent/db/keys_update.go
@@ -15,7 +15,7 @@ import (
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/ent/db/keys"
 	"github.com/dexidp/dex/storage/ent/db/predicate"
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 )
 
 // KeysUpdate is the builder for updating Keys entities.
diff --git a/storage/ent/db/mutation.go b/storage/ent/db/mutation.go
index aec11425c5..495e26f2ad 100644
--- a/storage/ent/db/mutation.go
+++ b/storage/ent/db/mutation.go
@@ -23,7 +23,7 @@ import (
 	"github.com/dexidp/dex/storage/ent/db/password"
 	"github.com/dexidp/dex/storage/ent/db/predicate"
 	"github.com/dexidp/dex/storage/ent/db/refreshtoken"
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 )
 
 const (
diff --git a/storage/ent/schema/keys.go b/storage/ent/schema/keys.go
index ec5cd3f6bb..b8e56817b5 100644
--- a/storage/ent/schema/keys.go
+++ b/storage/ent/schema/keys.go
@@ -3,7 +3,7 @@ package schema
 import (
 	"entgo.io/ent"
 	"entgo.io/ent/schema/field"
-	"gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 
 	"github.com/dexidp/dex/storage"
 )
diff --git a/storage/etcd/types.go b/storage/etcd/types.go
index b945376e41..b3756604dd 100644
--- a/storage/etcd/types.go
+++ b/storage/etcd/types.go
@@ -3,7 +3,7 @@ package etcd
 import (
 	"time"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 
 	"github.com/dexidp/dex/storage"
 )
diff --git a/storage/kubernetes/types.go b/storage/kubernetes/types.go
index a5ec29afd4..c126ddc087 100644
--- a/storage/kubernetes/types.go
+++ b/storage/kubernetes/types.go
@@ -4,7 +4,7 @@ import (
 	"strings"
 	"time"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 
 	"github.com/dexidp/dex/storage"
 	"github.com/dexidp/dex/storage/kubernetes/k8sapi"
diff --git a/storage/storage.go b/storage/storage.go
index 214c2d49f7..03883ef5aa 100644
--- a/storage/storage.go
+++ b/storage/storage.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 	"time"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v4"
 )
 
 var (