diff --git a/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java b/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java index ea3b29d8a..1304e145d 100644 --- a/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java +++ b/cloudplatform/connectivity-oauth/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2Service.java @@ -148,18 +148,13 @@ String retrieveAccessToken() onBehalfOf, identity.getId()); - final OAuth2TokenResponse tokenResponse = ResilienceDecorator.executeSupplier(() -> { - switch( onBehalfOf ) { - case TECHNICAL_USER_PROVIDER: - return executeClientCredentialsFlow(null); - case TECHNICAL_USER_CURRENT_TENANT: - final Tenant tenant = TenantAccessor.tryGetCurrentTenant().getOrNull(); - return executeClientCredentialsFlow(tenant); - case NAMED_USER_CURRENT_TENANT: - return executeUserExchangeFlow(); - default: - throw new IllegalStateException("Unknown behalf " + onBehalfOf); - } + final OAuth2TokenResponse tokenResponse = ResilienceDecorator.executeSupplier(() -> switch (onBehalfOf) { + case TECHNICAL_USER_PROVIDER -> executeClientCredentialsFlow(null); + case TECHNICAL_USER_CURRENT_TENANT -> { + final Tenant tenant = TenantAccessor.tryGetCurrentTenant().getOrNull(); + yield executeClientCredentialsFlow(tenant); + } + case NAMED_USER_CURRENT_TENANT -> executeUserExchangeFlow(); }, resilienceConfiguration); if( tokenResponse == null ) { @@ -231,6 +226,7 @@ private void setAppTidInCaseOfIAS( @Nullable final String tenantId ) if( onBehalfOf == OnBehalfOf.NAMED_USER_CURRENT_TENANT ) { // workaround until a fix is provided by IAS additionalParameters.put("refresh_expiry", "0"); + additionalParameters.put("token_format", "jwt"); } } } @@ -475,6 +471,6 @@ OAuth2Service build() enum TenantPropagationStrategy { TENANT_SUBDOMAIN, - ZID_HEADER; + ZID_HEADER } } 
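Review bot: In the `TECHNICAL_USER_CURRENT_TENANT` arm, `TenantAccessor.tryGetCurrentTenant().getOrNull()` turns a missing tenant context into `null`, and `executeClientCredentialsFlow(null)` is exactly the call the `TECHNICAL_USER_PROVIDER` arm makes. A request that has lost its tenant context therefore appears to receive a provider-scoped token with no log line or error, which matters for tenant isolation. If the fallback is intended, record it with a comment such as `// no tenant in context: deliberately falls back to the provider tenant`; if it is not, the arm should fail rather than pass `null`. Dropping the `default` branch also replaces the explicit `IllegalStateException("Unknown behalf " + onBehalfOf)` with the compiler's exhaustiveness check, which holds only while the enum and this class are compiled together. `retrieveAccessToken()` begins and ends outside the hunk.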
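Review bot: The new `additionalParameters.put("token_format", "jwt");` sits directly under `// workaround until a fix is provided by IAS`, so it reads as part of the temporary `refresh_expiry` workaround, although the release note presents it as the intended setting for the `NAMED_USER_CURRENT_TENANT` exchange. A comment of its own, for example `// request a JWT rather than the IAS default token format for the user token exchange`, would stop a later cleanup of the workaround from removing it by accident. The `put` is also unconditional, so if `additionalParameters` can hold caller-supplied entries (not visible here), an explicit `token_format` would be silently overwritten; `putIfAbsent("token_format", "jwt")` would keep the caller's choice. The visible part of the diff adds no test asserting that the parameter is sent. `setAppTidInCaseOfIAS` begins outside the hunk.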
diff --git a/release_notes.md b/release_notes.md index bc140eba2..1234ea31d 100644 --- a/release_notes.md +++ b/release_notes.md @@ -10,6 +10,7 @@ - [Connectivity Destination Service] Migrated to Apache Httpclient 5. - The replacement for `HttpClientAccessor` is `ApacheHttpClient5Accessor` +- [OAuth2] Set `token_format=jwt` for `NAMED_USER_CURRENT_TENANT` IAS token exchange. ### ✨ New Functionality