[Feature Request] Make Maven POM license metadata SPDX-friendly (MIT)

[kazuki-ma]

MSAL client type

Public

Problem Statement

Several modules in this repo declare the license in pom.xml under <licenses> but only set the license name (e.g., MIT License) and omit the license URL.
Some automated license validation tools rely on SPDX-style identifiers/URLs to recognize licenses, and may fail (or flag as “unknown”) when the POM has only a free-form name with no URL.

As of January 13, 2026, I searched existing issues in this repo for keywords like “license”, “SPDX”, “pom”, and “MIT”, and did not find an issue specifically requesting adding SPDX-friendly license metadata. If this is a duplicate, please point me to the right thread.

Affected files

• msal4j-sdk/pom.xml
• msal4j-brokers/pom.xml
• msal4j-persistence-extension/pom.xml

Current shape (simplified):

<licenses>
  <license>
    <name>MIT License</name>
  </license>
</licenses>

Proposed solution

Update the license metadata to be more SPDX/tool-friendly by:

• Using the SPDX short identifier in <name>: MIT
• Adding the canonical MIT license URL
• Adding <distribution>repo</distribution>

Example:

<licenses>
  <license>
    <name>MIT</name>
    <url>https://opensource.org/license/mit/</url>
    <distribution>repo</distribution>
  </license>
</licenses>

Why this helps

• Improves compatibility with automated license scanners/validators that match licenses by SPDX identifiers/URLs.
• Makes the Maven POM license metadata more complete and machine-readable.

Alternatives

• If maintainers prefer keeping the display name, we can keep <name>MIT License</name> and only add <url> + <distribution>repo</distribution>.
• Alternatively, the SPDX page URL could be used (https://spdx.org/licenses/MIT.html) depending on tool expectations.

References

• SPDX MIT License: https://spdx.org/licenses/MIT.html
• OSI MIT License page: https://opensource.org/license/mit/
• Maven POM licenses: https://maven.apache.org/pom.html#Licenses