Toggle-able setter, and unit test

token-client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java

@@ -35,7 +35,7 @@ private OAuth2TokenServiceConstants() {
 	public static final String GRANT_TYPE_CLIENT_X509 = "client_x509";
 	public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"; // not supported by token-client
 																						// lib
-
+	public static final String TOKEN_FORMAT = "token_format";
 	public static final String TOKEN_TYPE_OPAQUE = "opaque";
 
 	public static final String PARAMETER_CLIENT_ID = "client_id";

token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java

@@ -10,6 +10,8 @@
 import static com.sap.cloud.security.xsuaa.Assertions.assertNotNull;
 import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.AUTHORITIES;
 import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.SCOPE;
+import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.TOKEN_FORMAT;
+import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.TOKEN_TYPE_OPAQUE;
 import static com.sap.cloud.security.xsuaa.tokenflows.XsuaaTokenFlowsUtils.buildAdditionalAuthoritiesJson;
 
 /**
@@ -28,6 +30,7 @@ public class JwtBearerTokenFlow {
 	private List<String> scopes = new ArrayList<>();
 	private String subdomain;
 	private boolean disableCache;
+	private boolean opaque = false;
 
 	public JwtBearerTokenFlow(@Nonnull OAuth2TokenService tokenService,
 			@Nonnull OAuth2ServiceEndpointsProvider endpointsProvider,
@@ -140,12 +143,14 @@ public JwtBearerTokenFlow disableCache(boolean disableCache) {
 	}
 
 	/**
-	 * Can be used to change the format of the returned token to opaque.
+	 * Can be used to change the format of the returned token.
 	 *
+	 * @param opaque
+	 *            - allows both enabling or disabling the opaque format {@code true}.
 	 * @return this builder.
 	 */
-	public JwtBearerTokenFlow enableOpaqueResponse() {
-		optionalParameters.put("token_format", "opaque");
+	public JwtBearerTokenFlow setOpaqueTokenFormat(boolean opaque) {
+		this.opaque = opaque;
 		return this;
 	}
 
@@ -166,6 +171,10 @@ public OAuth2TokenResponse execute() throws TokenFlowException {
 			throw new IllegalStateException("A bearer token must be set before executing the flow");
 		}
 
+		if (opaque) {
+			optionalParameters.put(TOKEN_FORMAT, TOKEN_TYPE_OPAQUE);
+		}
+
 		String scopesParameter = String.join(" ", scopes);
 		if (!scopesParameter.isEmpty()) {
 			optionalParameters.put(SCOPE, scopesParameter);

token-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java

@@ -126,6 +126,20 @@ public void disableCacheIsUsed() throws Exception {
 		verifyThatDisableCacheIs(false);
 	}
 
+	@Test
+	public void execute_withOpaqueTokenFormat() throws TokenFlowException, OAuth2ServiceException {
+		ArgumentCaptor<Map<String, String>> optionalParametersCaptor = ArgumentCaptor.forClass(Map.class);
+
+		cut.setOpaqueTokenFormat(true).execute();
+
+		verify(tokenService, times(1))
+				.retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(),
+						optionalParametersCaptor.capture(), anyBoolean());
+
+		Map<String, String> optionalParameters = optionalParametersCaptor.getValue();
+		assertThat(optionalParameters).containsEntry("token_format", "opaque");
+	}
+
 	@Test
 	public void execute_withAdditionalAuthorities() throws TokenFlowException, OAuth2ServiceException {
 		Map<String, String> additionalAuthorities = new HashMap<>();