diff --git a/.chloggen/435960-fix-oauth2-flow-pulsar-exporter.yaml b/.chloggen/435960-fix-oauth2-flow-pulsar-exporter.yaml
new file mode 100644
index 0000000000000..7cde3453b1cde
--- /dev/null
+++ b/.chloggen/435960-fix-oauth2-flow-pulsar-exporter.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: exporter/pulsar
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Fix the oauth2 flow for pulsar exporter by adding additional configuration fields
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [435960]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: Fixes the oauth2 authentication flow in pulsar exporter by exposing additional configuration like `private_key` and `scope`.
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]
diff --git a/.chloggen/435960-fix-oauth2-flow-pulsar-receiver.yaml b/.chloggen/435960-fix-oauth2-flow-pulsar-receiver.yaml
new file mode 100644
index 0000000000000..ad86278559052
--- /dev/null
+++ b/.chloggen/435960-fix-oauth2-flow-pulsar-receiver.yaml
@@ -0,0 +1,28 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: receiver/pulsar
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Fix the oauth2 flow for pulsar exporter by adding additional configuration fields
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [435960]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  Fixes the oauth2 authentication flow in pulsar receiver by exposing additional configuration like `private_key` and `scope`.
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]
diff --git a/exporter/pulsarexporter/README.md b/exporter/pulsarexporter/README.md
index 4654008a360a1..a6b8efdc6b3ef 100644
--- a/exporter/pulsarexporter/README.md
+++ b/exporter/pulsarexporter/README.md
@@ -37,6 +37,8 @@ The following settings can be optionally configured:
         - `issuer_url`:
         - `client_id`:
         - `audience`:
+        - `scope`:
+        - `private_key`: Path to the private client credentials json file. Must contain `type`, `client_id`, `client_secret` and `issuer_url` fields.
     - `athenz`
         - `provider_domain`:
         - `tenant_domain`:
diff --git a/exporter/pulsarexporter/config.go b/exporter/pulsarexporter/config.go
index 7dcaa06ac539f..715f9746c9c0e 100644
--- a/exporter/pulsarexporter/config.go
+++ b/exporter/pulsarexporter/config.go
@@ -66,9 +66,11 @@ type Athenz struct {
 }
 
 type OAuth2 struct {
-	IssuerURL string `mapstructure:"issuer_url"`
-	ClientID  string `mapstructure:"client_id"`
-	Audience  string `mapstructure:"audience"`
+	IssuerURL  string `mapstructure:"issuer_url"`
+	ClientID   string `mapstructure:"client_id"`
+	Audience   string `mapstructure:"audience"`
+	PrivateKey string `mapstructure:"private_key"`
+	Scope      string `mapstructure:"scope"`
 }
 
 // Producer defines configuration for producer
@@ -107,9 +109,12 @@ func (cfg *Config) auth() pulsar.Authentication {
 	if authentication.OAuth2.HasValue() {
 		oauth2Cfg := authentication.OAuth2.Get()
 		return pulsar.NewAuthenticationOAuth2(map[string]string{
-			"issuerUrl": oauth2Cfg.IssuerURL,
-			"clientId":  oauth2Cfg.ClientID,
-			"audience":  oauth2Cfg.Audience,
+			"type":       "client_credentials",
+			"issuerUrl":  oauth2Cfg.IssuerURL,
+			"clientId":   oauth2Cfg.ClientID,
+			"audience":   oauth2Cfg.Audience,
+			"scope":      oauth2Cfg.Scope,
+			"privateKey": oauth2Cfg.PrivateKey,
 		})
 	}
 	if authentication.Athenz.HasValue() {
diff --git a/receiver/pulsarreceiver/README.md b/receiver/pulsarreceiver/README.md
index 2f446ac0990c2..385f45ee9ca8a 100644
--- a/receiver/pulsarreceiver/README.md
+++ b/receiver/pulsarreceiver/README.md
@@ -38,6 +38,8 @@ The following settings can be optionally configured:
     - `issuer_url`:
     - `client_id`:
     - `audience`: 
+    - `scope`:
+    - `private_key`: Path to the private client credentials json file. Must contain `type`, `client_id`, `client_secret` and `issuer_url` fields.
   - `athenz`
     - `provider_domain`:
     - `tenant_domain`:
diff --git a/receiver/pulsarreceiver/config.go b/receiver/pulsarreceiver/config.go
index 89d8a61c3b9f1..ed8b9174c1367 100644
--- a/receiver/pulsarreceiver/config.go
+++ b/receiver/pulsarreceiver/config.go
@@ -58,9 +58,11 @@ type Athenz struct {
 }
 
 type OAuth2 struct {
-	IssuerURL string `mapstructure:"issuer_url"`
-	ClientID  string `mapstructure:"client_id"`
-	Audience  string `mapstructure:"audience"`
+	IssuerURL  string `mapstructure:"issuer_url"`
+	ClientID   string `mapstructure:"client_id"`
+	Audience   string `mapstructure:"audience"`
+	PrivateKey string `mapstructure:"private_key"`
+	Scope      string `mapstructure:"scope"`
 }
 
 var _ component.Config = (*Config)(nil)
@@ -83,9 +85,12 @@ func (cfg *Config) auth() pulsar.Authentication {
 	if authentication.OAuth2.HasValue() {
 		oauth2 := authentication.OAuth2.Get()
 		return pulsar.NewAuthenticationOAuth2(map[string]string{
-			"issuerUrl": oauth2.IssuerURL,
-			"clientId":  oauth2.ClientID,
-			"audience":  oauth2.Audience,
+			"type":       "client_credentials",
+			"issuerUrl":  oauth2.IssuerURL,
+			"clientId":   oauth2.ClientID,
+			"audience":   oauth2.Audience,
+			"scope":      oauth2.Scope,
+			"privateKey": oauth2.PrivateKey,
 		})
 	}
 	if authentication.Athenz.HasValue() {