See this comment I made for com.nimbusds:oauth2-oidc-sdk:7.3: https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/294/dependency-resolution-broken

Looking at the versions at https://mvnrepository.com/artifact/com.microsoft.azure/msal4j/1.4.0 it should be possible to use oauth2-oidc-sdk:7.3.

But then there is a runtime error because MSAL uses some JSON functionality from net.minidev:json-smart:2.3.

JSONObject.getAsString(String key)

With oauth2-oidc-sdk:7.3 they have downgraded json-smart to version 1.3.1.

This is not good behaviour, of course, but it would be even better if MSAL included a direct dependency when it requires a specific library and version.

I solved it in my project by adding a direct dependency that I of course normally not need.

implementation 'javax.inject:javax.inject:1',
		'com.google.code.findbugs:jsr305:3.0.2',
		'org.springframework.boot:spring-boot-starter-web',
		'org.springframework.boot:spring-boot-starter-security',
		'net.minidev:json-smart:2.3',
		'com.nimbusds:oauth2-oidc-sdk:7.3',
		"com.microsoft.azure:msal4j:1.4.0",
		"org.apache.commons:commons-text:1.8",
		'com.microsoft.graph:microsoft-graph:1.7.1'