diff --git a/plugins/common/oauth/config.go b/plugins/common/oauth/config.go index aa42a7a65..6175e2093 100644 --- a/plugins/common/oauth/config.go +++ b/plugins/common/oauth/config.go @@ -13,20 +13,28 @@ type OAuth2Config struct { ClientID string `toml:"client_id"` ClientSecret string `toml:"client_secret"` TokenURL string `toml:"token_url"` + Audience string `toml:"audience"` Scopes []string `toml:"scopes"` } func (o *OAuth2Config) CreateOauth2Client(ctx context.Context, client *http.Client) *http.Client { - if o.ClientID != "" && o.ClientSecret != "" && o.TokenURL != "" { - oauthConfig := clientcredentials.Config{ - ClientID: o.ClientID, - ClientSecret: o.ClientSecret, - TokenURL: o.TokenURL, - Scopes: o.Scopes, - } - ctx = context.WithValue(ctx, oauth2.HTTPClient, client) - client = oauthConfig.Client(ctx) + if o.ClientID == "" || o.ClientSecret == "" || o.TokenURL == "" { + return client } + oauthConfig := clientcredentials.Config{ + ClientID: o.ClientID, + ClientSecret: o.ClientSecret, + TokenURL: o.TokenURL, + Scopes: o.Scopes, + } + + if o.Audience != "" { + oauthConfig.EndpointParams.Add("audience", o.Audience) + } + + ctx = context.WithValue(ctx, oauth2.HTTPClient, client) + client = oauthConfig.Client(ctx) + return client } diff --git a/plugins/outputs/http/README.md b/plugins/outputs/http/README.md index b1cf6d7db..165f66c88 100644 --- a/plugins/outputs/http/README.md +++ b/plugins/outputs/http/README.md @@ -44,6 +44,7 @@ to use them. # client_id = "clientid" # client_secret = "secret" # token_url = "https://indentityprovider/oauth2/v1/token" + # audience = "" # scopes = ["urn:opc:idm:__myscopes__"] ## Goole API Auth diff --git a/plugins/outputs/http/sample.conf b/plugins/outputs/http/sample.conf index 4192fea54..b15cee557 100644 --- a/plugins/outputs/http/sample.conf +++ b/plugins/outputs/http/sample.conf @@ -17,6 +17,7 @@ # client_id = "clientid" # client_secret = "secret" # token_url = "https://indentityprovider/oauth2/v1/token" + # audience = "" # scopes = ["urn:opc:idm:__myscopes__"] ## Goole API Auth