Update JwtBearerTokenFlow.java (#1346)

JwtBearerTokenFlow: add additional setter to request an opaque token response Co-authored-by: Kalin Borisov <[email protected]>
SAP · Nov 15, 2023 · 911aef5 · 911aef5
1 parent b7f8007
commit 911aef5
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 1 deletion.
diff --git a/...client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java b/...client/src/main/java/com/sap/cloud/security/xsuaa/client/OAuth2TokenServiceConstants.java
@@ -35,7 +35,7 @@ private OAuth2TokenServiceConstants() {
 	public static final String GRANT_TYPE_CLIENT_X509 = "client_x509";
 	public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"; // not supported by token-client
 																						// lib
-
+	public static final String TOKEN_FORMAT = "token_format";
 	public static final String TOKEN_TYPE_OPAQUE = "opaque";
 
 	public static final String PARAMETER_CLIENT_ID = "client_id";

diff --git a/token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java b/token-client/src/main/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlow.java
@@ -10,6 +10,8 @@
 import static com.sap.cloud.security.xsuaa.Assertions.assertNotNull;
 import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.AUTHORITIES;
 import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.SCOPE;
+import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.TOKEN_FORMAT;
+import static com.sap.cloud.security.xsuaa.client.OAuth2TokenServiceConstants.TOKEN_TYPE_OPAQUE;
 import static com.sap.cloud.security.xsuaa.tokenflows.XsuaaTokenFlowsUtils.buildAdditionalAuthoritiesJson;
 
 /**
@@ -28,6 +30,7 @@ public class JwtBearerTokenFlow {
 	private List<String> scopes = new ArrayList<>();
 	private String subdomain;
 	private boolean disableCache;
+	private boolean opaque = false;
 
 	public JwtBearerTokenFlow(@Nonnull OAuth2TokenService tokenService,
 			@Nonnull OAuth2ServiceEndpointsProvider endpointsProvider,
@@ -139,6 +142,17 @@ public JwtBearerTokenFlow disableCache(boolean disableCache) {
 		return this;
 	}
 
+	/**
+	 * Can be used to change the format of the returned token.
+	 *
+	 * @param opaque enables opaque token format when set to {@code true}.
+	 * @return this builder.
+	 */
+	public JwtBearerTokenFlow setOpaqueTokenFormat(boolean opaque) {
+		this.opaque = opaque;
+		return this;
+	}
+
 	/**
 	 * Executes this flow against the XSUAA endpoint. As a result the exchanged JWT
 	 * token is returned.
@@ -156,6 +170,12 @@ public OAuth2TokenResponse execute() throws TokenFlowException {
 			throw new IllegalStateException("A bearer token must be set before executing the flow");
 		}
 
+		if (opaque) {
+			optionalParameters.put(TOKEN_FORMAT, TOKEN_TYPE_OPAQUE);
+		} else {
+			optionalParameters.remove(TOKEN_FORMAT);
+		}
+
 		String scopesParameter = String.join(" ", scopes);
 		if (!scopesParameter.isEmpty()) {
 			optionalParameters.put(SCOPE, scopesParameter);

diff --git a/...-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java b/...-client/src/test/java/com/sap/cloud/security/xsuaa/tokenflows/JwtBearerTokenFlowTest.java
@@ -126,6 +126,32 @@ public void disableCacheIsUsed() throws Exception {
 		verifyThatDisableCacheIs(false);
 	}
 
+	@Test
+	public void execute_withOpaqueTokenFormat() throws TokenFlowException, OAuth2ServiceException {
+		final String OPAQUE = "opaque";
+		final String TOKEN_FORMAT = "token_format";
+		ArgumentCaptor<Map<String, String>> optionalParametersCaptor = ArgumentCaptor.forClass(Map.class);
+
+		cut.execute();
+		verify(tokenService, times(1))
+				.retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(),
+						optionalParametersCaptor.capture(), anyBoolean());
+		assertThat(optionalParametersCaptor.getValue()).doesNotContainEntry(TOKEN_FORMAT, OPAQUE);
+
+
+		cut.setOpaqueTokenFormat(true).execute();
+		verify(tokenService, times(2))
+				.retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(),
+						optionalParametersCaptor.capture(), anyBoolean());
+		assertThat(optionalParametersCaptor.getValue()).containsEntry(TOKEN_FORMAT, OPAQUE);
+
+		cut.setOpaqueTokenFormat(false).execute();
+		verify(tokenService, times(3))
+				.retrieveAccessTokenViaJwtBearerTokenGrant(any(), any(), any(), any(),
+						optionalParametersCaptor.capture(), anyBoolean());
+		assertThat(optionalParametersCaptor.getValue()).doesNotContainEntry(TOKEN_FORMAT, OPAQUE);
+	}
+
 	@Test
 	public void execute_withAdditionalAuthorities() throws TokenFlowException, OAuth2ServiceException {
 		Map<String, String> additionalAuthorities = new HashMap<>();