Skip to content

consider switching to jose #8095

New issue
New issue
Open
Open
consider switching to jose#8095
Labels
Needs: Attention 👋Awaiting response from the MSAL.js teamconfidential-clientIssues regarding ConfidentialClientApplicationsfeature-unconfirmedmsal-nodeRelated to msal-node packagequestionCustomer is asking for a clarification, use case or information.
@43081j

Description

@43081j
43081j
opened on Oct 13, 2025

Core Library

MSAL Node (@azure/msal-node)

Wrapper Library

Not Applicable

Public or Confidential Client?

Confidential

Description

microsoft-authentication-library-for-js/lib/msal-node/package.json

Line 87 in 1e6420e

"jsonwebtoken": "^9.0.0",

auth0 themselves seem to recommend the jose library these days, and the jsonwebtoken package hasn't been updated in a few years now.

it may be worth switching to jose for a few reasons:

  • it supports more algorithms
  • it is around the same size (slightly smaller)
  • it has no dependencies
  • jsonwebtoken depends on long deprecated packages which are unmaintained and will never receive security updates (if ever needed)

thanks to the better support and more modern feature set, it is more likely to be adopted going forward than jsonwebtoken is. so we will also gain from npm de-dupe.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Needs: Attention 👋Awaiting response from the MSAL.js teamconfidential-clientIssues regarding ConfidentialClientApplicationsfeature-unconfirmedmsal-nodeRelated to msal-node packagequestionCustomer is asking for a clarification, use case or information.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions