Bump com.microsoft.azure:msal4j from 1.19.1 to 1.23.1

[dependabot]

Bumps com.microsoft.azure:msal4j from 1.19.1 to 1.23.1.

Release notes

Sourced from com.microsoft.azure:msal4j's releases.

1.23.1

• Fix regression and other issues related to client credentials (#986)
  • Fix for regression after latest release where certificate-based assertions were never refreshed (#984)
  • Fix/improve behavior to properly handle callback-based assertions set at the application level (#879, #977)
  • Generally improve internal assertion behavior by making assertions entirely per-request

Full Changelog: AzureAD/microsoft-authentication-library-for-java@v1.23.0...v1.23.1

1.23.0

• Reduced dependency footprint by removing third-party libraries (#909):
  • Replaced org.projectlombok with direct implementations of previously generated code (#946)
  • Replaced com.nimbusds OAuth/OIDC functionality with our own implementation (#926, #927, #928, #941, #945)
  • Replaced com.fasterxml.jackson with com.azure.json for JSON parsing/serialization (#947, #948)
  • Internal behavior and public APIs remain unchanged, except for those noted below
• Minor breaking changes:
  • Removed protected APIs that returned or used com.nimbusds.ClientAuthentication
    • These APIs were not used by any other public MSAL API, and are unlikely to have been used by other libraries
  • Improved JSON error handling to return more informative MsalClientException/MsalServiceException rather than generic JSON exceptions

v1.22.0

What's Changed

• Validate issuer from OIDC endpoint when using the oidcAuthority() API by @​Avery-Dunn (AzureAD/microsoft-authentication-library-for-java#970)
• Suppressed SHA-1 CodeQL flag by @​Avery-Dunn in AzureAD/microsoft-authentication-library-for-java#969
• Bump com.nimbusds.oauth2-oidc-sdk from 11.23 to 11.23.1 by @​Donnerbart in AzureAD/microsoft-authentication-library-for-java#974
• Add/improve javadocs for interface classes by @​Avery-Dunn in AzureAD/microsoft-authentication-library-for-java#973

New Contributors

• @​Donnerbart made their first contribution in AzureAD/microsoft-authentication-library-for-java#974

Full Changelog: AzureAD/microsoft-authentication-library-for-java@v1.21.0...v1.22.0

1.21.0

• Add support for claims, client capabilities, and token revocation in Service Fabric scenarios (#929, #943)
• Improve retry logic for HTTP requests, and add API to disable retries (#960, #963, #964)
• Support multiple date formats in Managed identity scenarios (#956)
• Fix query parameter issue in IMDS scenarios (#954)
• Update dependencies used in tests to avoid CVE warnings (#962)

1.20.1

• Fix Base64URL decoding bug (#938)

1.20.0

• Replace some usage of jackson-databind with azure-json (#918)
• Remove Lombok code generation from most classes (#919, #925)
• Remove some usage of nimbusds-oauth2-oidc-sdk (#927, #928)
• Fix refresh metadata not being set in MI flows (#931)
• Add distinct exception type for JSON parsing errors (#933)

Changelog

Sourced from com.microsoft.azure:msal4j's changelog.

Version 1.23.1

• Fix regression and other issues related to client credentials (#986)
  • Fix for regression after latest release where certificate-based assertions were never refreshed (#984)
  • Fix/improve behavior to properly handle callback-based assertions set at the application level (#879, #977)
  • Generally improve internal assertion behavior by making assertions entirely per-request

Version 1.23.0

• Reduced dependency footprint by removing third-party libraries (#909):
  • Replaced org.projectlombok with direct implementations of previously generated code (#946)
  • Replaced com.nimbusds OAuth/OIDC functionality with our own implementation (#926, #927, #928, #941, #945)
  • Replaced com.fasterxml.jackson with com.azure.json for JSON parsing/serialization (#947, #948)
  • Internal behavior and public APIs remain unchanged, except for those noted below
• Minor breaking changes:
  • Removed protected APIs that returned or used com.nimbusds.ClientAuthentication
    • These APIs were not used by any other public MSAL API, and are unlikely to have been used by other libraries
  • Improved JSON error handling to return more informative MsalClientException/MsalServiceException rather than generic JSON exceptions

Version 1.22.0

• Validate issuer from OIDC endpoint when using the oidcAuthority() API (#970)
• Bump oauth2-oidc-sdk dependency to avoid CVE-2025-53864 (#975)

Version 1.21.0

• Add support for claims, client capabilities, and token revocation in Service Fabric scenarios (#929, #943)
• Improve retry logic for HTTP requests, and add API to disable retries (#960, #963, #964)
• Support multiple date formats in Managed identity scenarios (#956)
• Fix query parameter issue in IMDS scenarios (#954)
• Update dependencies used in tests to avoid CVE warnings (#962)

1.20.1

• Fix Base64URL decoding bug (#938)

Version 1.20.0

• Replace some usage of jackson-databind with azure-json (#918)
• Remove Lombok code generation from most classes (#919, #925)
• Remove some usage of nimbusds-oauth2-oidc-sdk (#927, #928)
• Fix refresh metadata not being set in MI flows (#931)
• Add distinct exception type for JSON parsing errors (#933)

Commits

• b8c025b Merge pull request #991 from AzureAD/avdunn/release-1.23.1
• 62645de Version number and changelog update for release 1.23.1
• 9c03bc3 Merge pull request #986 from AzureAD/avdunn/fix-assertion-refresh
• cf22677 Fix issue with overriding tenant in B2C authority
• 305d209 PR feedback
• cabae29 Merge pull request #988 from AzureAD/avdunn/improve-credentials
• dcf0369 Merge remote-tracking branch 'origin/avdunn/improve-credentials' into avdunn/...
• a36c921 Merge branch 'avdunn/fix-assertion-refresh' into avdunn/improve-credentials
• 65dbd6c Update msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java
• fb0f51e Add test for mixed and overridden credentials
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)