If you try with system user, It will succeed to connect. If you try with different user(whether the user exists or not) It fails with OAUTH exception. This is a very rare case.
I think we should use O3Logon protocol to authenticate the user. We should use lower version(for example: ojdbc14.jar compatible with JDK 1.5) and not the latest version, since starting with 11g release, JDBC thin driver implements O5Logon challenge-response protocol instead of O3Logon to authenticate the user.
Just a little bump to inform that the suggestion of setting the property "oracle.jdbc.thinLogonCapability" to "o3" seemed to have worked for me. I'm very happy about this, as I was also getting a "OAUTH marshaling failure"-message while running our project.
(Side note: our project is being migrated from JDeveloper 126.96.36.199 with JRE 1.3.0_02 to JDeveloper 188.8.131.52.0 with JRE 1.6.0_24)