diff --git a/dev-requirements.txt b/dev-requirements.txt
index 04abf13f..a06fe620 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -13,7 +13,7 @@ mysqlclient>=1.4.2
 cached-property>=1.5.1
 st2client==3.3.0
 rule==0.1.1
-Authlib==0.15.2
+Authlib==1.3.1
 httpx==0.*
 fastapi==0.*
 fastapi_pagination==0.9.3
diff --git a/helpdesk/views/auth/index.py b/helpdesk/views/auth/index.py
index 0fa1c730..099e8dab 100644
--- a/helpdesk/views/auth/index.py
+++ b/helpdesk/views/auth/index.py
@@ -40,16 +40,16 @@ async def callback(oauth_provider: str, request: Request):
 oauth_client = oauth_clients[oauth_provider]
 token = await oauth_client.authorize_access_token(request)
- id_token = await oauth_client.parse_id_token(request, token)
- logger.debug("auth succeed %s", id_token)
+ userinfo = token['userinfo']
+ logger.debug("auth succeed %s", userinfo)
- username = oauth_username_func(id_token)
- email = id_token['email']
+ username = oauth_username_func(userinfo)
+ email = userinfo['email']
- access = id_token.get('resource_access', {})
+ access = userinfo.get('resource_access', {})
 roles = access.get(oauth_client.client_id, {}).get('roles', [])
- user = User(name=username, email=email, roles=roles, avatar=id_token.get('picture'))
+ user = User(name=username, email=email, roles=roles, avatar=userinfo.get('picture', ''))
 request.session['user'] = user.json()
diff --git a/requirements.txt b/requirements.txt
index 0e6cf415..6cce2fe4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ mysqlclient>=1.4.2
 cached-property>=1.5.1
 st2client==3.3.0
 rule==0.1.1
-Authlib<=1.0.1
+Authlib<=1.3.1
 httpx==0.*
 fastapi==0.*
 fastapi_pagination==0.9.3
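Review bot: `userinfo = token['userinfo']` in the helpdesk/views/auth/index.py hunk indexes the token response directly, so a response that carries no parsed ID-token claims (for example a provider configured without the `openid` scope) raises an unhandled KeyError in the login callback instead of a clean authentication failure. Because `roles` and the session user are built from these claims, I would fail closed explicitly: `userinfo = token.get('userinfo')` followed by `if not userinfo:` and a 401 response. Related, in requirements.txt `Authlib<=1.3.1` still has no lower bound, so a resolver may install a release older than this code needs (as far as I know `userinfo` is only placed in the token from Authlib 1.0 on) and older releases also lack later security fixes; a floor matching the dev-requirements.txt pin would close that. The `logger.debug("auth succeed %s", userinfo)` line writes the whole claim set, including email and roles, to the log, where the username alone would be enough. callback's body starts before this hunk and may continue after it.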