GoogleCloudPlatform · damemi · May 28, 2024 · May 20, 2024 · May 20, 2024 · May 20, 2024
@@ -41,3 +41,7 @@ Following are the configuration fields:
 - **project** - The Google Cloud Project telemetry is sent to if the gcp.project.id resource attribute is not set. If unspecified, this is determined using application default credentials.
 - [**scopes**](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3) - The oauth 2.0 scopes requested by the extension.
 - [**quota_project**](https://cloud.google.com/apis/docs/system-parameters) - The project for quota and billing purposes. The caller must have serviceusage.services.use permission on the project.
+- **token_format** - The type of generated token. Default: `access_token`
+  - `access_token`: [OAuth 2.0 access token](https://cloud.google.com/docs/authentication/token-types#access) will be generated.
+  - `id_token`: Google-signed [ID token](https://cloud.google.com/docs/authentication/token-types#id) will be generated.
+- **audience** - The audience claim used for generating ID token
@@ -36,6 +36,13 @@ type Config struct {
 	// See https://datatracker.ietf.org/doc/html/rfc6749#section-3.3
 	Scopes []string `mapstructure:"scopes,omitempty"`
 
+	// TokenFormat specifies which type of token will be generated.
+	// default: access_token
+	TokenFormat string `mapstructure:"token_format,omitempty"`
+
+	// Audience specifies the audience claim used for generating ID token.
+	Audience string `mapstructure:"audience,omitempty"`
+
 	// TODO: Support impersonation, similar to what exists in the googlecloud collector exporter.
 }
 
@@ -54,8 +61,12 @@ var defaultScopes = []string{
 	"https://www.googleapis.com/auth/trace.append",
 }
 
+// defaultTokenFormat is the default value of token_format parameter.
+var defaultTokenFormat = "access_token"
+
 func CreateDefaultConfig() component.Config {
 	return &Config{
-		Scopes: defaultScopes,
+		Scopes:      defaultScopes,
+		TokenFormat: defaultTokenFormat,
 	}
 }
@@ -21,7 +21,9 @@ import (
 
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/extension"
+	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
+	"google.golang.org/api/idtoken"
 	"google.golang.org/grpc/credentials/oauth"
 )
 
@@ -54,10 +56,26 @@ func (ca *clientAuthenticator) Start(ctx context.Context, _ component.Host) erro
 	if config.QuotaProject == "" {
 		config.QuotaProject = quotaProjectFromCreds(creds)
 	}
-	ca.TokenSource = &oauth.TokenSource{TokenSource: creds.TokenSource}
+	source, err := ca.newTokenSource(ctx, creds)
+	if err != nil {
+		return err
+	}
+	ca.TokenSource = &oauth.TokenSource{TokenSource: source}
 	return nil
 }
 
+func (ca *clientAuthenticator) newTokenSource(ctx context.Context, creds *google.Credentials) (oauth2.TokenSource, error) {
+	switch ca.config.TokenFormat {
+	case "id_token":
+		if ca.config.Audience == "" {
+			return nil, errors.New("audience must be specified")
+		}
+		return idtoken.NewTokenSource(ctx, ca.config.Audience)
+	default:
+		return creds.TokenSource, nil
+	}
+}
+
 func (ca *clientAuthenticator) Shutdown(ctx context.Context) error {
 	return nil
 }

@@ -7,6 +7,7 @@ require (
 	go.opentelemetry.io/collector/component v0.99.0
 	go.opentelemetry.io/collector/extension v0.94.0
 	golang.org/x/oauth2 v0.18.0
+	google.golang.org/api v0.162.0
 	google.golang.org/grpc v1.63.2
 )
 
@@ -16,11 +17,15 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/knadh/koanf/maps v0.1.1 // indirect
 	github.com/knadh/koanf/providers/confmap v0.1.0 // indirect
 	github.com/knadh/koanf/v2 v2.1.1 // indirect
@@ -31,9 +36,11 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.52.3 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/collector/config/configtelemetry v0.99.0 // indirect
 	go.opentelemetry.io/collector/confmap v0.99.0 // indirect
 	go.opentelemetry.io/collector/pdata v1.6.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
 	go.opentelemetry.io/otel v1.25.0 // indirect
 	go.opentelemetry.io/otel/exporters/prometheus v0.47.0 // indirect
 	go.opentelemetry.io/otel/metric v1.25.0 // indirect
@@ -42,6 +49,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.25.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect