Remove third-party dependencies from msal4j package #982
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tion-library-for-java into avdunn/nimbus-grants # Conflicts: # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java
Remove usage of com.nimbusds.oauth2's Token classes
Remove usage of com.nimbusds.oauth2's HTTP classes
…tion-library-for-java into avdunn/nimbus-removal
…tion-library-for-java into avdunn/nimbus-grants
…crosoft-authentication-library-for-java into avdunn/nimbus-grants
…ring, List<String>>
…tion-library-for-java into avdunn/nimbus-grants # Conflicts: # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
Remove usage of com.nimbusds.oauth2 from grant-related classes
Represent query parameters with Map<String, String>
…crosoft-authentication-library-for-java into avdunn/nimbus-utils # Conflicts: # msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HelperAndUtilityTests.java
Replace com.fasterxml.jackson with com.azure.json
Use azure-json in claims classes
Remove final usages of com.nimbusds from the packaged codebase
Avdunn/nimbus utils
…nn/json-removal # Conflicts: # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java
Merge JSON and Nimbus feature branches
Dependency cleanup
Dependency removal for beta release
… avdunn/release-1.30.0-beta
# Conflicts: # README.md # changelog.txt # msal4j-sdk/README.md # msal4j-sdk/bnd.bnd # msal4j-sdk/pom.xml # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityRequest.java # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/StringHelper.java # msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java # msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java # msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java # msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java # msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
Sync dependency removal branch with latest dev branch
g2vinay
reviewed
Aug 13, 2025
| @@ -1,3 +1,9 @@ | |||
| Version 1.30.0-beta | |||
| ============= | |||
| - Replace org.projectlombok dependencies with implementations of generated code (#946) | |||
There was a problem hiding this comment.
We should mention about breaking changes from exception changes
There was a problem hiding this comment.
Normally we just make a separate changelog/version update PR once everything is merged to clearly mark the cutoff for changes that we release, so I didn't include them here
But this is kind of a special case due to it already being released. I just set up this PR to make it easier to review the changelog, and will either merge into this branch or the main branch depending on which gets approved first: #983
bgavrilMS
approved these changes
Aug 18, 2025
neha-bhargava
approved these changes
Aug 18, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR represents the work done for #909, and all of the changes were already approved in the various PRs linked to that issue.
As can be seen on Maven, once merged the msal4j package will no longer be reliant on any package except for Azure SDK's azure-json and the very popular logging framework slf4j-api: https://mvnrepository.com/artifact/com.microsoft.azure/msal4j/1.30.0-beta
All of the behavior from other dependencies were replaced with our own implementations. Despite the large number of changes, as found in our own testing and testing by Azure SDK there are only two groups known breaking changes:
ClientAuthentication, which was a class from com.nimbusdsMsalClientExceptionorMsalServiceExceptionwhen a JSON was blank, rather than aJsonParsingExceptionor similarNormally breaking changes to public/protected APIs would warrant a major version bump, however these changes should affect few customers (if any) and were closer to bugfixes than changes to the overall design as they should never have been publicly available:
ClientAuthenticationwere never used by any other public msal4j API, and we could couldn't think of any scenario where another project would need the instance we produced