diff --git a/README.rst b/README.rst
index bc3164461b..4ebcaf8c7f 100644
--- a/README.rst
+++ b/README.rst
@@ -63,6 +63,13 @@ Install plone.restapi by adding it to your buildout::
 and then running ``bin/buildout``
+Usage in Plone 5.2:
+
+- Older plone.restapi 7.x. is part of the Plone 5.2.x release series and works on both Python 2.7 and 3.6 to 3.8.
+- plone.restapi 8.x or later works with Plone 5.2:
+ - if Python 3.6 or later is used and
+ - since plone.restapi 8.9.0 if PyJWT 2.1.0 is used. Set a pin `pyjwt = 2.1.0` in the `[versions]` section of the buildout file.
+
 Contribute
 ==========
diff --git a/news/1193.bugfix b/news/1193.bugfix
new file mode 100644
index 0000000000..88851d7933
--- /dev/null
+++ b/news/1193.bugfix
@@ -0,0 +1,3 @@
+Fixes deprecated JWT `decode`usage.
+Uses and requires latest PyJWT 2.1.0 now.
+[jensens]
diff --git a/setup.py b/setup.py
index dabe8e6b82..958eb8d985 100644
--- a/setup.py
+++ b/setup.py
@@ -55,6 +55,7 @@ def read(filename):
 "Environment :: Web Environment",
 "Framework :: Plone",
 "Framework :: Plone :: 5.2",
+ "Framework :: Plone :: 6.0",
 "Framework :: Plone :: Core",
 "Intended Audience :: Developers",
 "Operating System :: OS Independent",
@@ -62,6 +63,7 @@ def read(filename):
 "Programming Language :: Python :: 3.6",
 "Programming Language :: Python :: 3.7",
 "Programming Language :: Python :: 3.8",
+ "Programming Language :: Python :: 3.9",
 "Programming Language :: Python :: 3 :: Only",
 "Topic :: Software Development :: Libraries :: Python Modules",
 ],
@@ -82,7 +84,7 @@ def read(filename):
 "plone.behavior>=1.1", # adds name to behavior directive
 "plone.rest >= 1.0a6", # json renderer moved to plone.restapi
 "plone.schema >= 1.2.1", # new/fixed json field
- "PyJWT",
+ "PyJWT>=2",
 "pytz",
 ],
 extras_require={"test": TEST_REQUIRES},
diff --git a/src/plone/restapi/pas/plugin.py b/src/plone/restapi/pas/plugin.py
index 643c77e35f..5c1f743bfa 100644
--- a/src/plone/restapi/pas/plugin.py
+++ b/src/plone/restapi/pas/plugin.py
@@ -160,7 +160,12 @@ def _jwt_decode(self, token, secret, verify=True):
 if isinstance(token, str):
 token = token.encode("utf-8")
 try:
- return jwt.decode(token, secret, verify=verify, algorithms=["HS256"])
+ return jwt.decode(
+ token,
+ secret,
+ options={"verify_signature": verify},
+ algorithms=["HS256"],
+ )
 except jwt.InvalidTokenError:
 pass
@@ -194,7 +199,6 @@ def create_token(self, userid, timeout=None, data=None):
 if data is not None:
 payload.update(data)
 token = jwt.encode(payload, self._signing_secret(), algorithm="HS256")
- token = token.decode("utf-8")
 if self.store_tokens:
 if self._tokens is None:
 self._tokens = OOBTree()
diff --git a/versions.cfg b/versions.cfg
index 28a57f5575..f911bbba8f 100644
--- a/versions.cfg
+++ b/versions.cfg
@@ -25,4 +25,7 @@ cffi = 1.14.4
 # requirement for json widget tests to pass
 plone.schema = 1.3.0
-plone.dexterity = 2.9.8
\ No newline at end of file
+plone.dexterity = 2.9.8
+
+# recent pyjwt
+pyjwt = 2.1.0
\ No newline at end of file
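Review bot: In `_jwt_decode` (src/plone/restapi/pas/plugin.py, first hunk) the `verify` argument is now passed straight through as `options={"verify_signature": verify}`, and nothing at the call says what a caller gets back with `verify=False`: a payload whose signature was never checked. As far as I know, PyJWT 2.x also turns off the `exp`/`nbf` checks by default when signature verification is disabled, so such a payload may be expired as well; worth confirming against the pinned 2.1.0. I would add a comment above the call, for example `# verify=False returns unauthenticated, possibly expired claims; never base an auth decision on it`, and state the same in the method docstring. The explicit `algorithms=["HS256"]` allow-list is kept, which is what the 2.x API requires. The callers of `_jwt_decode` and their handling of the `None` returned after `except jwt.InvalidTokenError: pass` are outside the hunk, so whether any of them passes `verify=False` on an authentication path cannot be checked from here.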