So it is actually a Google OAuth Credentials plugin issue (3000) installs.
In order to apply a whitelist workaround, one needs to whitelist...
- all implementations of org.joda.time.Chronology which may be actually used in the system (~15 of them in JodaTime directly)
The field under concern is "private final DateTime expiration;" within RemotableGoogleCredentials. Although the logic can be easily reworked to serialize "lifetimeSeconds" instead, we have an issue with the already persisted data on the disk. Dropping the expiration settings is not something fine IMO, we will need a better migration logic
Jesse Glick it seems we will need to write a custom XStream deserializer here