nimbus-jose-jwt change from JSON Smart to GSon upgrade has breaking changes on serialization and desrialization for jsonObject

[far768]

Issue Description: When generating JWTtoken, Before upgrading to version 9.24+, serialization and de-serialization of a 'JSONObject' containing a class object with a field of type 'Map<String, List>' worked correctly. This was because the getter method was being called during serialization, ensuring proper handling of the data. However, after upgrading to version 9.24+, issues arose where serialization is performed directly on the field type, neglecting to use the getter method for serialization.

Steps to Reproduce:

1. Define a class with a field of type Map<String, List<String>>.
2. Ensure the class has appropriate getter and setter methods for the field (In my case it is manipulated to have List type for handling client side use case).
3. Serialize an instance of this class using JSONObject.
4. Deserialize the JSON object back into an instance of the class.

Expected Behavior:

• The getter method for the field should be invoked during serialization, ensuring correct handling of the data.

Actual Behavior:

• Serialization occurs directly on the field type, bypassing the getter method.

Additional Information:

• This issue started occurring after upgrading to version 9.24+.
• JSON to Gson change has the impact. tried using TypeAdapterFactory class to use custom TypeAdapter but that is not getting invoked/used by gson on execution.

Tech stack:

• Java Version: 17+
• Library/Tool Version: Spring 3+

[far768]

Additional Information:

for token encryption, using EncryptedJWT and in the encrypt there is process of getPayload().toByetes() in the Payload class where toString() is called and next it goes to the condition where JSONObjectUtils.toJsonString(jsonObject) is called. further the serialization taking place using GSON lib.

[dvsekhvalnov]

Hi @far768 , guess you've posted issue to wrong project?

I'm not a guy behind nimbus library (though do cross compatibility tests against it) and this is other library named jose-jwt :)

[far768]

yup, realized later, thanks @dvsekhvalnov for correcting.

got the resolution here.

closing this.