Skip to content

[Feature Request] Remove Newtonsoft.Json from MSAL and use System.Text.Json #5056

New issue
New issue
Open
Feature
#5057
Open
[Feature Request] Remove Newtonsoft.Json from MSAL and use System.Text.Json#5056
Feature
#5057
Labels
Feature Requestconfidential-client
@bgavrilMS

Description

@bgavrilMS
bgavrilMS
opened on Jan 6, 2025

MSAL client type

Public, Confidential, Managed identity

Problem statement

With MSAL 4.66.0 and below, only the .NET version of MSAL uses System.Text.Json. The rest of the tfms use an internal copy of Newtonsoft.Json

This poses several problems:

  • Need to keep Newtonsoft.Json up to date, particularly when it has CVEs
  • If CVE occurs, MSAL is not notified because Newtonsoft is referenced by code not by project.
  • MSAL needs to dual-stack Newtonsoft and System.Text.Json, which complicates JSON operations and MSAL code
  • System.Text.Json + source generation is faster

Proposed solution

Reference System.Text.Json version 6.0.11 (this is what other Identity SDKs use).

Alternatives

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Feature Requestconfidential-client

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions