Merge pull request #75487 from max-cx/OBSDOCS-937

skopacz1 · web-flow · commit dedf8a356382 · 2024-06-05T11:08:06.000-04:00
OBSDOCS-937/TRACING-4071: Write documentation for oidcauthextension component
diff --git a/modules/otel-collector-components.adoc b/modules/otel-collector-components.adoc
@@ -1190,6 +1190,48 @@ The File Storage Extension supports traces, metrics, and logs. This extension ca
 <5> Defines the maximum size of the compaction transaction. To ignore the transaction size, set to zero. If omitted, the default is `+65536+` bytes.
 <6> When set, forces the database to perform an `fsync` call after each write operation. This helps to ensure database integrity if there is an interruption to the database process, but at the cost of performance.
 
+[id="oidcauth-extension_{context}"]
+=== OIDC Auth Extension
+
+:FeatureName: The OIDC Auth Extension
+include::snippets/technology-preview.adoc[]
+
+The OIDC Auth Extension authenticates incoming requests to receivers by using the OpenID Connect (OIDC) protocol.
+It validates the ID token in the authorization header against the issuer and updates the authentication context of the incoming request.
+
+.OpenTelemetry Collector custom resource with the configured OIDC Auth Extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      oidc:
+        attribute: authorization # <1>
+        issuer_url: https://example.com/auth/realms/opentelemetry # <2>
+        issuer_ca_path: /var/run/tls/issuer.pem # <3>
+        audience: otel-collector # <4>
+        username_claim: email # <5>
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            auth:
+              authenticator: oidc
+    exporters:
+      otlp:
+        endpoint: <endpoint>
+    service:
+      extensions: [oidc]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> The name of the header that contains the ID token. The default name is `authorization`.
+<2> The base URL of the OIDC provider.
+<3> Optional: The path to the issuer's CA certificate.
+<4> The audience for the token.
+<5> The name of the claim that contains the username. The default name is `sub`.
+
 [id="jaegerremotesampling-extension_{context}"]
 === Jaeger Remote Sampling extension
 
