Describe the bug When using JdbcOAuth2AuthorizedClientService with Oracle DB (>10g) got ClassCastException: [B cannot be cast to oracle.sql.BLOB at step: insertAuthorizedClient().

To Reproduce Pre-Conditions: - Spring Security 5.3.2.RELEASE - Configure OAuth2 to use JdbcOAuth2AuthorizedClientService to persist Authorized Clients - Create (Oracle) DB scheme, using oauth2-client-schema.sql

Expected behavior Persist/update Authorized Clients in Oracle DB (>10g) according to existing logic.

Sample Used official Spring 5.3.2.RELEASE code snapshots - to point to the place(s) where issue happened: 1. JdbcOAuth2AuthorizedClientService: in saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) line 137 call of insertAuthorizedClient(authorizedClient, principal); 

private void insertAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal) {
        List<SqlParameterValue> parameters = this.authorizedClientParametersMapper.apply(
                new OAuth2AuthorizedClientHolder(authorizedClient, principal));
        PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());

        this.jdbcOperations.update(SAVE_AUTHORIZED_CLIENT_SQL, pss);
}
  1. JdbcTemplate: 2.1 in protected int update(final PreparedStatementCreator psc, @Nullable final PreparedStatementSetter pss) line: 862: return updateCount(execute(psc, ps -> { 2.2 in public T execute(PreparedStatementCreator psc, PreparedStatementCallback action) line 617: T result = action.doInPreparedStatement(ps);

caused: ClassCastException: [B cannot be cast to oracle.sql.BLOB

Comment From: jgrandja

@Taraskin Have you tried configuring a custom mapper via JdbcOAuth2AuthorizedClientService.setAuthorizedClientParametersMapper()?

As mentioned in this comment:

It is very difficult to provide an implementation that works out of the box for all databases. This implementation strives to use standard sql datatypes and is a simplified JDBC implementation. However, it is designed to be customizable so user's can provide customizations for database vendors that deviate from the standard sql types.

Providing a custom JdbcOAuth2AuthorizedClientService.setAuthorizedClientParametersMapper() is the solution for the issue you are facing.

I'm going to close this but if you are still having issues after you have tried out the proposed solution we can re-open and discuss further.

Comment From: Taraskin

@jgrandja Yes, I've already used this way to solve an issue. Thank you for a response.

UPD: I decided to use CLOB instead of BLOB data types (Oracle) to keep the tokens, added custom implementation (will try to prepare code snapshots later) of OAuth2AuthorizedClientParametersMapper and OAuth2AuthorizedClientRowMapper.