Duplicate classes in com.nimbusds:nimbus-jose-jwt and in-app-payments-sdk on Android

When integrating Square’s React Native In App Payments SDK, I got the duplicate class build error on Android. Those classes are found in com.nds.threeds:threedssdk-release (transitive dependency of com.squareup.sdk.in-app-payments:buyer-verification) and com.nimbusds:nimbus-jose-jwt (transitive dependency of our app).
I guess that the nimbus-jose-jwt library is packaged into the threedssdk-release library. Would you guys consider pulling it out and making threedssdk-release depend on nimbus-jose-jwt library instead?

According to the team we can’t pull out nimbus-jose-jwt. Instead you can try to remove transitive dependency and rely on the version shipped. But there’s a chance that version won’t match. Still worth a try according to the team. Excluding transitive dependency on nimbus can be done like this:

implementation("com.something:dependency-with-transitive-nimbusds:1.0.0") {
  exclude group: 'com.nimbusds', module: 'nimbus-jose-jwt'


This could be an option, but I still have some questions. Which exact version is packaged into threedssdk-release? And I found that some classes are missing in the packaged version, after inspecting the classes.jar in threedssdk-release and nimbus-jose-jwt. This may lead to some problem :fearful:.

Another option is to download threedssdk-release aar, remove the nimbus classes from the classes.jar inside of it, them package it back as aar and use it; while also depending on the nimbus library yourself. Theoretically this might work and threeds sdk will just use the dependency provided by developers instead of the packaged one.

The one thing you need to be aware of is that there’s not guarantee that buyer verification will still work. :slightly_smiling_face: