diff --git a/README.md b/README.md
index e15282b..e4d3ecc 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,8 @@ module "pubsub" {
       ack_deadline_seconds = 20 // optional
       push_endpoint        = "https://example.com" // required
       x-goog-version       = "v1beta1" // optional
+      oidc_service_account = "sa@example.com" // optional
+      audience             = "example" // optional
       expiration_policy    = "1209600s" // optional
     }
   ]
diff --git a/main.tf b/main.tf
index f9dd2c2..f0bb719 100644
--- a/main.tf
+++ b/main.tf
@@ -64,8 +64,15 @@ resource "google_pubsub_subscription" "push_subscriptions" {
     attributes = {
       x-goog-version = lookup(var.push_subscriptions[count.index], "x-goog-version", "v1")
     }
-  }
 
+    dynamic "oidc_token" {
+      for_each = (lookup(var.push_subscriptions[count.index], "oidc_service_account_email", "") != "") ? [true] : []
+      content {
+        service_account_email = lookup(var.push_subscriptions[count.index], "oidc_service_account_email", "")
+        audience              = lookup(var.push_subscriptions[count.index], "audience", "")
+      }
+    }
+  }
   depends_on = [google_pubsub_topic.topic]
 }