[FEATURE] OAuth2 Client Credentials support for OTLP exporter
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Claude Code's OTLP exporter only supports static headers via OTEL_EXPORTER_OTLP_HEADERS. Enterprise observability backends (Datadog, Azure Monitor, Grafana Cloud, cu
stom OTEL collectors) often require OAuth2 authentication with automatic token refresh.
Currently, workarounds like OTEL Collector sidecars add operational complexity that could be avoided with native support.
Proposed Solution
Add OAuth2 Client Credentials flow (RFC 6749 Section 4.4) support to the OTLP exporter.
New Environment Variables:
| Variable | Description |
|----------|-------------|
| OTEL_EXPORTER_OTLP_AUTH | Set to oauth2 to enable |
| OTEL_EXPORTER_OTLP_OAUTH_TOKEN_URL | Token endpoint URL |
| OTEL_EXPORTER_OTLP_OAUTH_CLIENT_ID | Client ID |
| OTEL_EXPORTER_OTLP_OAUTH_CLIENT_SECRET | Client secret |
| OTEL_EXPORTER_OTLP_OAUTH_SCOPES | Space-separated scopes (optional) |
Behavior:
- Fetch token on first telemetry export
- Cache token in memory
- Refresh automatically before expiry (e.g., 60s buffer)
- Support existing mTLS for token endpoint if configured
Alternative Solutions
- OTEL Collector sidecar - Works but adds deployment complexity
- Wrapper scripts - Tokens don't refresh during long sessions
- Static long-lived tokens - Not supported by most OAuth2 providers
Priority
Medium - Would be very helpful
Feature Category
Other
Use Case Example
I'm deploying Claude Code in an enterprise environment where our observability backend requires OAuth2 Client Credentials authentication. The tokens expire every hour,
so static headers don't work for long sessions.
This is a common pattern - the OTEL Collector Contrib project has [oauth2clientauthextension](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/ma
in/extension/oauth2clientauthextension/README.md) specifically for this use case.
Additional Context
Claude Code already has strong OTEL support:
- mTLS for HTTP exporters (v1.0.126)
- HTTP_PROXY/HTTPS_PROXY support (v2.0.17)
- Rich metrics and events export
OAuth2 would complete the enterprise authentication story.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗