diff --git a/index.d.ts b/index.d.ts
index c8186c8b..ac498ff3 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -20,7 +20,7 @@
 
 export interface ClientConfig {
   serviceUrl: string;
-  authentication?: AuthenticationTls | AuthenticationAthenz | AuthenticationToken;
+  authentication?: AuthenticationTls | AuthenticationAthenz | AuthenticationToken | AuthenticationOauth2;
   operationTimeoutSeconds?: number;
   ioThreads?: number;
   messageListenerThreads?: number;
@@ -175,6 +175,18 @@ export class AuthenticationToken {
   constructor(params: { token: string });
 }
 
+export class AuthenticationOauth2 {
+  constructor(params: {
+    type: string;
+    issuer_url: string;
+    client_id?: string;
+    client_secret?: string;
+    private_key?: string;
+    audience?: string;
+    scope?: string;
+  });
+}
+
 export enum LogLevel {
   DEBUG = 0,
   INFO = 1,
diff --git a/index.js b/index.js
index 461a853b..d3e3b947 100644
--- a/index.js
+++ b/index.js
@@ -21,6 +21,7 @@ const PulsarBinding = require('bindings')('Pulsar');
 const AuthenticationTls = require('./src/AuthenticationTls.js');
 const AuthenticationAthenz = require('./src/AuthenticationAthenz.js');
 const AuthenticationToken = require('./src/AuthenticationToken.js');
+const AuthenticationOauth2 = require('./src/AuthenticationOauth2.js');
 
 const LogLevel = {
   DEBUG: 0,
@@ -36,6 +37,7 @@ const Pulsar = {
   AuthenticationTls,
   AuthenticationAthenz,
   AuthenticationToken,
+  AuthenticationOauth2,
   LogLevel,
 };
 
diff --git a/src/Authentication.cc b/src/Authentication.cc
index 226fd0a1..35de2d97 100644
--- a/src/Authentication.cc
+++ b/src/Authentication.cc
@@ -80,6 +80,13 @@ Authentication::Authentication(const Napi::CallbackInfo &info)
       return;
     }
     this->cAuthentication = pulsar_authentication_athenz_create(info[1].ToString().Utf8Value().c_str());
+  } else if (authMethod == "oauth2") {
+    if (info.Length() < 2 || !info[1].IsString()) {
+      Napi::Error::New(env, "Authentication parameter must be a JSON string for oauth2")
+          .ThrowAsJavaScriptException();
+      return;
+    }
+    this->cAuthentication = pulsar_authentication_oauth2_create(info[1].ToString().Utf8Value().c_str());
   } else {
     Napi::Error::New(env, "Unsupported authentication method").ThrowAsJavaScriptException();
     return;
diff --git a/src/AuthenticationOauth2.js b/src/AuthenticationOauth2.js
new file mode 100644
index 00000000..cd5b3281
--- /dev/null
+++ b/src/AuthenticationOauth2.js
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+const PulsarBinding = require('bindings')('Pulsar');
+
+class AuthenticationOauth2 {
+  constructor(params) {
+    const paramsStr = (typeof params === 'object') ? JSON.stringify(params) : params;
+    this.binding = new PulsarBinding.Authentication('oauth2', paramsStr);
+  }
+}
+
+module.exports = AuthenticationOauth2;
diff --git a/tstest.ts b/tstest.ts
index 43042bcb..220854d2 100644
--- a/tstest.ts
+++ b/tstest.ts
@@ -39,6 +39,23 @@ import Pulsar = require('./index');
     tokenExpirationTime: '3600',
   });
 
+  const authOauth2PrivateKey: Pulsar.AuthenticationOauth2 = new Pulsar.AuthenticationOauth2({
+    type: "client_credentials",
+    issuer_url: "issuer-url",
+    private_key: "credentials-file-path",
+    audience: "audience",
+    scope: "your-scope",
+  });
+
+  const authOauth2ClientId: Pulsar.AuthenticationOauth2 = new Pulsar.AuthenticationOauth2({
+    type: "client_credentials",
+    issuer_url: "issuer-url",
+    client_id: "client-id",
+    client_secret: "client-secret",
+    audience: "audience",
+    scope: "scope"
+  });
+
   const authToken: Pulsar.AuthenticationToken = new Pulsar.AuthenticationToken({
     token: 'foobar',
   });