Spring Security OAuth2AccessTokenResponse cannot be serialized by Jackson

Expected Behavior

OAuth2AccessTokenResponse can be serialized.

Token storing with redis is popular .

    @Bean
    public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
        RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
        redisTemplate.setConnectionFactory(redisConnectionFactory);
        //  use Jackson2JsonRedisSerialize  
        Jackson2JsonRedisSerializer<Object> jackson2JsonRedisSerializer = initJacksonSerializer();
        //  keySerial and valueSerial
        redisTemplate.setValueSerializer(jackson2JsonRedisSerializer);
        redisTemplate.setKeySerializer(new StringRedisSerializer());
        redisTemplate.afterPropertiesSet();
        return redisTemplate;
    }

Current Behavior Now it is a final class.

public final class OAuth2AccessTokenResponse {
 //  ignore
}

Context

Cause :

Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: Unexpected token (START_OBJECT), expected START_ARRAY: need JSON Array to contain As.WRAPPER_ARRAY type information for class java.lang.Object
 at [Source: (byte[])"{"accessToken":["org.springframework.security.oauth2.core.OAuth2AccessToken"

When I make ObjectMapper that :

    //  jackson
    ObjectMapper om = new ObjectMapper();
   om.activateDefaultTyping(om.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL);

Cause :

java.lang.ClassCastException: java.util.LinkedHashMap cannot be cast to org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse

Comment From: jgrandja

@NotFound403 This is by design that OAuth2AccessTokenResponse is not meant to be Serializable. However, it's member's OAuth2AccessToken and OAuth2RefreshToken are via the supported OAuth2AccessTokenMixin and OAuth2RefreshTokenMixin.

For further details please see gh-4886, gh-7873 and gh-7889.