Docs » Get started with the Splunk Distribution of the OpenTelemetry Collector » Collector components » Collector components: Extensions » OAuth2 Client Auth extension

OAuth2 Client Auth extension πŸ”—

The oauth2client extension provides OAuth2 client credentials flow authentication for HTTP and gRPC based exporters. The extension automatically fetches and refreshes the token after it expires.

For further details about the OAuth2 Client Credentials flow (2-legged workflow), refer to Client Credentials Grant in the OAuth 2.0 authorization framework specification.

For information about the available exporters, see Collector components: Exporters.

Get started πŸ”—

Follow these steps to configure and activate the component:

  1. Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:

  1. Configure the extension as described in the next section.

  2. Restart the Collector.

Sample configuration πŸ”—

To activate the component, add oauth2client to the extensions section of your configuration file:

extensions:
  oauth2client:

To complete the configuration, include the extension in the service section of your configuration file:

service:
  extensions: [oauth2client]

Note

Set the authenticator type to oauth2client in the exporter using the OAuth2 Client Auth extension. See Configuration example.

Configuration settings πŸ”—

The following settings are required to configure the extension:

  • token_url. The resource server’s token endpoint URLs.

  • client_id. The client identifier issued to the client.

  • client_id_file. The file path to retrieve the client identifier issued to the client. The extension reads this file and updates the client ID when you need to issue a new token.

    • This parameter allows you to dynamically change the client credentials by modifying the file contents when, for example, you need to rotate the token.

    • This setting takes precedence over client_id.

  • client_secret. The secret string associated with the identifier.

  • client_secret_file. The file path to retrieve the secret string associated with the identifier. The extension reads this file and updates the client secret when you need to issue a new token.

    • This paramater allows you to dynamically change the client credentials by modifying the file contents when, for example, you need to rotate the token.

    • This setting takes precedence over client_secret.

  • endpoint_params. Additional parameters sent to the token endpoint.

  • scopes. Optional. Requested permissions associated to the client.

  • timeout. Optional. Specifies the timeout on the underlying client for the authorization server to fetch the tokens, both initially and while refreshing.

    • If void, there is no timeout on the client.

For more information on the client side TLS settings, see Configure TLS.

Configuration example πŸ”—

This is a configuration example for the extension:

extensions:
  oauth2client:
    client_id: someclientid
    client_secret: someclientsecret
    endpoint_params:
      audience: someaudience
    token_url: https://example.com/oauth2/default/v1/token
    scopes: ["api.metrics"]
    # tls settings for the token client
    tls:
      insecure: true
      ca_file: /var/lib/mycert.pem
      cert_file: certfile
      key_file: keyfile
    # timeout for the token client
    timeout: 2s

receivers:
  hostmetrics:
    scrapers:
      memory:
  otlp:
    protocols:
      grpc:

exporters:
  otlphttp/withauth:
    endpoint: http://localhost:9000
    auth:
      authenticator: oauth2client

  otlp/withauth:
    endpoint: 0.0.0.0:5000
    tls:
      ca_file: /tmp/certs/ca.pem
    auth:
      authenticator: oauth2client

service:
  extensions: [oauth2client]
  pipelines:
    metrics:
      receivers: [hostmetrics]
      processors: []
      exporters: [otlphttp/withauth, otlp/withauth]

Settings πŸ”—

The following table shows the configuration options for the oauth2client extension:

Troubleshooting πŸ”—

If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.

Available to Splunk Observability Cloud customers

Available to prospective customers and free trial users

  • Ask a question and get answers through community support at Splunk Answers .

  • Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.

This page was last updated on Sep 18, 2024.