APEX

I am having problems decrypting a password when calling my custom authentication from Login into my APEX application:

Oracle APEX 24.2.5

Oracle Database 23ai Enterprise Edition Release 23.0.0.0.0

Error Stack: ORA-28817: PL/SQL function returned an error. 
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 153 
ORA-06512: at "SYS.DBMS_CRYPTO", line 79 
ORA-06512: at "MY_SCHEMA.PKG_UTILS", line 53 
ORA-06512: at "MY_SCHEMA.PKG_LOGIN_AUTHENTICATION", line 88

However, when I do this from within SQL Developer everything works fine:

1. I have given all of my schemas execute permissions to DBMS_CRYPTO
2. Encrypt a password using MY_SCHEMA.PKG_UTILS.f_encrypt_string (f_input_string IN VARCHAR2) and save this in my database.
3. Test decrypting this password in an editor using: MY_SCHEMA.PKG_UTILS.f_decrypt_string (f_encrypted_raw IN RAW)
4. Then I run MY_SCHEMA.PKG_LOGIN_AUTHENTICATION.f_check_login_allowed (p_username VARCHAR2, p_password VARCHAR2) and this returns the boolean value (True or False). I run this as my default APEX schema.
5. I can also encrypt a password succesfully from my front end and it gets stored correctly in the appropriate table.

However, as soon as I run this from within my APEX application, I get an error at the point of calling DBMS_CRYPTO.decrypt in MY_SCHEMA.PKG_UTILS.f_decrypt_string

Below is an example of my global variables - declared in my package - and my encrypt and decrypt functions.

g_encryption_type       PLS_INTEGER := dbms_crypto.ENCRYPT_AES256 + dbms_crypto.CHAIN_CBC + dbms_crypto.PAD_PKCS5;  

g_num_key_bytes         NUMBER      := redacted;  
g_key_bytes_raw         RAW (32)    := dbms_crypto.RANDOMBYTES (g_num_key_bytes);            

FUNCTION f_encrypt_string (f_input_string IN VARCHAR2)
  RETURN RAW
IS
  l_encrypted_raw   RAW (2000);  
BEGIN               
  l_encrypted_raw := DBMS_CRYPTO.encrypt (src => UTL_I18N.string_to_raw (f_input_string, 'AL32UTF8'),
                                          typ => g_encryption_type,
                                          key => g_key_bytes_raw);
  RETURN l_encrypted_raw;
 END f_encrypt_string;

 FUNCTION f_decrypt_string (f_encrypted_raw IN RAW)
 	RETURN VARCHAR2
 IS
 	l_output_string   VARCHAR2 (200);
 	l_decrypted_raw   RAW (2000);
 
 BEGIN
 	--BELOW LINE IS line 53 where the error is triggered   
 	l_decrypted_raw := DBMS_CRYPTO.decrypt (src => f_encrypted_raw,
                                            typ => g_encryption_type,
                                            key => g_key_bytes_raw);
                                            
    l_output_string := UTL_RAW.cast_to_varchar2 (l_decrypted_raw);
    RETURN l_output_string;
 END f_decrypt_string;   

Any insight on why this works fine from SQLdeveloper but not from my application, please?

Thank you

Annelize