CSHARP-4475 added an AllowedTypes filter to ObjectSerializer to prevent deserializing into unsafe types. However, it is currently being applied during both serialization and deserialization, which is negatively impacting the Realm .NET SDK which utilizes the object serializer in a lot of our public API. Since serialization is generally safe, regardless of the type provided, it would be beneficial to allow different filters for serializing vs deserializing using the ObjectSerializer.

Example API affected by this change are:

// Call an Atlas App Services function
Task<T> CallAsync<T>(string name, params object[] args) {}

// Run an aggregation pipeline through the Atlas App Services
// remote MongoDB client
Task<TProjection[]> AggregateAsync<TProjection>(params object[] pipeline) {}

// Invoke FindOneAndUpdate through the Atlas App Services
// remote MongoDB client
Task<TDocument> FindOneAndUpdateAsync(object filter, object updateDocument, object sort = null, object projection = null, bool upsert = false, bool returnNewDocument = false) {}

As can be seen in those examples, the arguments we're accepting are untyped objects, which we serialize to json using ObjectSerializer and we're returning objects of a concrete type, which would typically use a different serializer type.

(the reason we're using untyped API for a lot of these MongoDB operations is to allow developers the flexibility of using BsonDocument, their own POCOs representing filters/projections, or even anonymous objects - I realize this is a departure from the API exposed by the C# driver)

Decoupling the serialization from deserialization filters gives us the flexibility to accept wide range of inputs, while still protecting users from accidentally deserializing unsafe types.