Explicit GSON dependency is required for deserializing StripeObject

Describe the bug

When using the below code, it is not able to find JsonObject in the project and the builds are failing :

StripeObject stripeObject = StripeObject.deserializeStripeObject(
                    event.getData().getObject().toJson(),
                    event.getData().getObject().getClass(),
                    new LiveStripeResponseGetter()
            );

Full Code :

 @PostMapping("/webhook/stripe")
    public void handleStripeEvents(
            @RequestBody String payload,
            @RequestHeader("Stripe-Signature") String sigHeader
    ) {
        log.debug("Webhook received with sigHeader: {}", sigHeader);
        try {
            // Verify the signature
            Webhook.Signature.verifyHeader(payload, sigHeader, endpointSecret, 300L);
            log.debug("Webhook received and verified header: {}", sigHeader);

            Event event = Webhook.constructEvent(payload, sigHeader, endpointSecret);
            log.info("event_id : {}, event_type: {}", event.getId(), event.getType());

            StripeObject stripeObject = StripeObject.deserializeStripeObject(
                    event.getData().getObject().toJson(),
                    event.getData().getObject().getClass(),
                    new LiveStripeResponseGetter()
            );

            paymentService.handleStripeEvents(stripeObject);
            log.info("Event processed successfully: {}", event.getId());

        } catch (SignatureVerificationException e) {
            // Invalid signature
            log.error("Event signature verification failed: sigHeader[{}]", sigHeader, e);
            throw new APIException("Invalid Event- signature verification failed", HttpStatus.BAD_REQUEST);
        } catch (Exception e) {
            // Other exceptions
            log.error("Error processing event: {}", e.getMessage(), e);
            throw new APIException("Error processing event", HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

Workaround is there but solution is required to be updated in API :

Add below dependency in the project to resolve the issue :

      <!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
      <dependency>
          <groupId>com.google.code.gson</groupId>
          <artifactId>gson</artifactId>
          <version>2.10.1</version>
      </dependency>

To Reproduce

Use the below controller code with Spring Boot app to reproduce the issue :

 @PostMapping("/webhook/stripe")
    public void handleStripeEvents(
            @RequestBody String payload,
            @RequestHeader("Stripe-Signature") String sigHeader
    ) {
        log.debug("Webhook received with sigHeader: {}", sigHeader);
        try {
            // Verify the signature
            Webhook.Signature.verifyHeader(payload, sigHeader, endpointSecret, 300L);
            log.debug("Webhook received and verified header: {}", sigHeader);

            Event event = Webhook.constructEvent(payload, sigHeader, endpointSecret);
            log.info("event_id : {}, event_type: {}", event.getId(), event.getType());

            StripeObject stripeObject = StripeObject.deserializeStripeObject(
                    event.getData().getObject().toJson(),
                    event.getData().getObject().getClass(),
                    new LiveStripeResponseGetter()
            );

            paymentService.handleStripeEvents(stripeObject);
            log.info("Event processed successfully: {}", event.getId());

        } catch (SignatureVerificationException e) {
            // Invalid signature
            log.error("Event signature verification failed: sigHeader[{}]", sigHeader, e);
            throw new APIException("Invalid Event- signature verification failed", HttpStatus.BAD_REQUEST);
        } catch (Exception e) {
            // Other exceptions
            log.error("Error processing event: {}", e.getMessage(), e);
            throw new APIException("Error processing event", HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

Expected behavior

Expected behavior is that the explicit adding of GSON dependency should not be required after using Stripe SDK

Code snippets

@PostMapping("/webhook/stripe")
    public void handleStripeEvents(
            @RequestBody String payload,
            @RequestHeader("Stripe-Signature") String sigHeader
    ) {
        log.debug("Webhook received with sigHeader: {}", sigHeader);
        try {
            // Verify the signature
            Webhook.Signature.verifyHeader(payload, sigHeader, endpointSecret, 300L);
            log.debug("Webhook received and verified header: {}", sigHeader);

            Event event = Webhook.constructEvent(payload, sigHeader, endpointSecret);
            log.info("event_id : {}, event_type: {}", event.getId(), event.getType());

            StripeObject stripeObject = StripeObject.deserializeStripeObject(
                    event.getData().getObject().toJson(),
                    event.getData().getObject().getClass(),
                    new LiveStripeResponseGetter()
            );

            paymentService.handleStripeEvents(stripeObject);
            log.info("Event processed successfully: {}", event.getId());

        } catch (SignatureVerificationException e) {
            // Invalid signature
            log.error("Event signature verification failed: sigHeader[{}]", sigHeader, e);
            throw new APIException("Invalid Event- signature verification failed", HttpStatus.BAD_REQUEST);
        } catch (Exception e) {
            // Other exceptions
            log.error("Error processing event: {}", e.getMessage(), e);
            throw new APIException("Error processing event", HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

OS

Ubuntu

Java version

Java 17

stripe-java version

v25.13.0

API version

25.13.0

Additional context

No response

stripe / stripe-java

Explicit GSON dependency is required for deserializing StripeObject #1928