coze-dev
diff --git a/‎cozeloop-core/pom.xml‎
Lines changed: 5 additions & 0 deletions b/‎cozeloop-core/pom.xml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎cozeloop-core/src/main/java/com/coze/loop/auth/JWTOAuthAuth.java‎
Lines changed: 87 additions & 15 deletions b/‎cozeloop-core/src/main/java/com/coze/loop/auth/JWTOAuthAuth.java‎
Lines changed: 87 additions & 15 deletions
diff --git a/‎cozeloop-core/src/main/java/com/coze/loop/client/CozeLoopClient.java‎
Lines changed: 41 additions & 1 deletion b/‎cozeloop-core/src/main/java/com/coze/loop/client/CozeLoopClient.java‎
Lines changed: 41 additions & 1 deletion
diff --git a/‎cozeloop-core/src/main/java/com/coze/loop/client/CozeLoopClientBuilder.java‎
Lines changed: 34 additions & 6 deletions b/‎cozeloop-core/src/main/java/com/coze/loop/client/CozeLoopClientBuilder.java‎
Lines changed: 34 additions & 6 deletions
@@ -41,6 +41,11 @@
             <version>1.23.1-alpha</version>
         </dependency>
 
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-exporter-otlp</artifactId>
+        </dependency>
+        
         <!-- HTTP Client -->
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
 
@@ -2,9 +2,15 @@
 
 import com.coze.loop.exception.AuthException;
 import com.coze.loop.exception.ErrorCode;
+import com.coze.loop.http.HttpClient;
+import com.coze.loop.internal.JsonUtils;
 import com.coze.loop.internal.ValidationUtils;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import okhttp3.MediaType;
+import okhttp3.Request;
+import okhttp3.RequestBody;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -13,6 +19,9 @@
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Base64;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
 /**
@@ -22,36 +31,69 @@
 public class JWTOAuthAuth implements Auth {
     private static final Logger logger = LoggerFactory.getLogger(JWTOAuthAuth.class);
     private static final String AUTH_TYPE = "Bearer";
-    private static final long TOKEN_EXPIRY_MINUTES = 55; // 55 minutes, JWT typically expires in 1 hour
-    private static final long REFRESH_BUFFER_MINUTES = 5; // Refresh 5 minutes before expiry
+    private static final String GRANT_TYPE_JWT = "urn:ietf:params:oauth:grant-type:jwt-bearer";
+    private static final String TOKEN_PATH = "/api/permission/oauth2/token";
+    private static final long REFRESH_BUFFER_MS = 5 * 60 * 1000; // 5 minutes
+    private static final long DEFAULT_JWT_TTL_MS = 15 * 60 * 1000; // 15 minutes
 
     private final String clientId;
     private final PrivateKey privateKey;
     private final String publicKeyId;
+    private String baseUrl;
+    private HttpClient httpClient;
 
     private volatile String currentToken;
     private volatile long tokenExpiryTime;
 
     private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
 
     /**
-     * Create a JWTOAuthAuth instance.
+     * Create a JWTOAuthAuth instance with default base URL.
      *
      * @param clientId the client ID
      * @param privateKeyPem the private key in PEM format (base64 encoded PKCS8)
      * @param publicKeyId the public key ID
      */
     public JWTOAuthAuth(String clientId, String privateKeyPem, String publicKeyId) {
+        this(clientId, privateKeyPem, publicKeyId, "https://api.coze.cn");
+    }
+
+    /**
+     * Create a JWTOAuthAuth instance with custom base URL.
+     *
+     * @param clientId the client ID
+     * @param privateKeyPem the private key in PEM format (base64 encoded PKCS8)
+     * @param publicKeyId the public key ID
+     * @param baseUrl the base URL for token refresh
+     */
+    public JWTOAuthAuth(String clientId, String privateKeyPem, String publicKeyId, String baseUrl) {
         ValidationUtils.requireNonEmpty(clientId, "clientId");
         ValidationUtils.requireNonEmpty(privateKeyPem, "privateKeyPem");
         ValidationUtils.requireNonEmpty(publicKeyId, "publicKeyId");
 
         this.clientId = clientId;
         this.publicKeyId = publicKeyId;
         this.privateKey = parsePrivateKey(privateKeyPem);
-        
-        // Generate initial token
-        refreshToken();
+        this.baseUrl = baseUrl != null ? baseUrl : "https://api.coze.cn";
+        this.httpClient = new HttpClient(null);
+    }
+
+    /**
+     * Set the base URL for token refresh.
+     *
+     * @param baseUrl the base URL
+     */
+    public void setBaseUrl(String baseUrl) {
+        this.baseUrl = baseUrl;
+    }
+
+    /**
+     * Set the HttpClient for token refresh.
+     *
+     * @param httpClient the HttpClient
+     */
+    public void setHttpClient(HttpClient httpClient) {
+        this.httpClient = httpClient;
     }
 
     @Override
@@ -91,35 +133,65 @@ public String getType() {
      * Check if token should be refreshed.
      */
     private boolean shouldRefreshToken(long currentTime) {
-        return currentTime >= (tokenExpiryTime - REFRESH_BUFFER_MINUTES * 60 * 1000);
+        return currentToken == null || currentTime >= (tokenExpiryTime - REFRESH_BUFFER_MS);
     }
 
     /**
-     * Refresh the JWT token.
+     * Refresh the OAuth token by exchanging a JWT for an access token.
      * Must be called with write lock held.
      */
     private void refreshToken() {
         try {
             long currentTime = System.currentTimeMillis();
-            long expiryTime = currentTime + TOKEN_EXPIRY_MINUTES * 60 * 1000;
+            String host = new java.net.URL(baseUrl).getHost();
 
+            // 1. Generate JWT
             String jwt = Jwts.builder()
                 .setIssuer(clientId)
-                .setAudience("coze")
+                .setAudience(host)
                 .setIssuedAt(new Date(currentTime))
-                .setExpiration(new Date(expiryTime))
+                .setExpiration(new Date(currentTime + DEFAULT_JWT_TTL_MS))
                 .setHeaderParam("kid", publicKeyId)
+                .setHeaderParam("typ", "JWT")
+                .setHeaderParam("alg", "RS256")
+                .setId(UUID.randomUUID().toString())
                 .signWith(privateKey, SignatureAlgorithm.RS256)
                 .compact();
 
-            this.currentToken = jwt;
-            this.tokenExpiryTime = expiryTime;
+            // 2. Exchange JWT for Access Token using HttpClient
+            Map<String, Object> body = new HashMap<>();
+            body.put("client_id", clientId);
+            body.put("grant_type", GRANT_TYPE_JWT);
+            
+            Map<String, String> headers = new HashMap<>();
+            headers.put("Authorization", "Bearer " + jwt);
+            
+            String responseJson = httpClient.post(baseUrl + TOKEN_PATH, body, headers);
+            TokenResponse resp = JsonUtils.fromJson(responseJson, TokenResponse.class);
 
-            logger.debug("JWT token refreshed, expires at: {}", new Date(expiryTime));
+            if (resp == null || resp.accessToken == null) {
+                throw new AuthException(ErrorCode.AUTH_FAILED, "Invalid response from token endpoint");
+            }
+            
+            this.currentToken = resp.accessToken;
+            this.tokenExpiryTime = System.currentTimeMillis() + resp.expiresIn * 1000;
+            
+            logger.debug("OAuth token refreshed, expires at: {}", new Date(this.tokenExpiryTime));
         } catch (Exception e) {
-            throw new AuthException(ErrorCode.AUTH_FAILED, "Failed to generate JWT token", e);
+            throw new AuthException(ErrorCode.AUTH_FAILED, "Failed to refresh OAuth token", e);
         }
     }
+
+    private static class TokenResponse {
+        @JsonProperty("access_token")
+        private String accessToken;
+        
+        @JsonProperty("expires_in")
+        private long expiresIn;
+        
+        @JsonProperty("refresh_token")
+        private String refreshToken;
+    }
 
     /**
      * Parse private key from PEM format.
 
@@ -8,6 +8,7 @@
 import com.coze.loop.stream.StreamReader;
 import com.coze.loop.trace.CozeLoopSpan;
 import io.opentelemetry.api.trace.Tracer;
+import io.opentelemetry.context.Context;
 
 import java.util.List;
 import java.util.Map;
@@ -27,7 +28,7 @@ public interface CozeLoopClient extends AutoCloseable {
      * @return the span wrapper
      */
     CozeLoopSpan startSpan(String name);
-    
+
     /**
      * Start a new span with specified type.
      *
@@ -36,6 +37,40 @@ public interface CozeLoopClient extends AutoCloseable {
      * @return the span wrapper
      */
     CozeLoopSpan startSpan(String name, String spanType);
+
+    CozeLoopSpan startSpan(String name, String spanType, String scene);
+
+    /**
+     * Start a new span with specified type.
+     *
+     * @param name the span name
+     * @param spanType the span type (e.g., "llm", "tool", "custom")
+     * @return the span wrapper
+     */
+    CozeLoopSpan startSpan(String name, String spanType, CozeLoopSpan parentSpan);
+
+    CozeLoopSpan startSpan(String name, String spanType, CozeLoopSpan parentSpan, String scene);
+
+    /**
+     * Start a new span with specified type and parent context.
+     * Useful for cross-service tracing where you have an extracted Context.
+     *
+     * @param name the span name
+     * @param spanType the span type
+     * @param parentContext the parent context
+     * @return the span wrapper
+     */
+    CozeLoopSpan startSpan(String name, String spanType, Context parentContext);
+
+    CozeLoopSpan startSpan(String name, String spanType, Context parentContext, String scene);
+
+    /**
+     * Extract context from headers for cross-service propagation.
+     *
+     * @param headers the map of headers (e.g. from an incoming HTTP request)
+     * @return the extracted context
+     */
+    Context extractContext(Map<String, String> headers);
 
     /**
      * Get the underlying OpenTelemetry Tracer.
@@ -103,6 +138,11 @@ public interface CozeLoopClient extends AutoCloseable {
      * @return workspace ID
      */
     String getWorkspaceId();
+
+    /**
+     * Flush all pending spans to the backend.
+     */
+    void flush();
 
     /**
      * Shutdown the client and release resources.
 
@@ -7,6 +7,7 @@
 import com.coze.loop.exception.CozeLoopException;
 import com.coze.loop.exception.ErrorCode;
 import com.coze.loop.http.HttpClient;
+import com.coze.loop.internal.ConfigUtils;
 import com.coze.loop.internal.ValidationUtils;
 import com.coze.loop.prompt.PromptProvider;
 import com.coze.loop.trace.CozeLoopTracerProvider;
@@ -20,6 +21,27 @@ public class CozeLoopClientBuilder {
 
     public CozeLoopClientBuilder() {
         this.config = CozeLoopConfig.builder().build();
+        loadByProperties();
+    }
+
+    private void loadByProperties() {
+        // Load workspace ID
+        String workspaceId = ConfigUtils.get("cozeloop.workspace-id");
+        if (workspaceId != null) {
+            this.config.setWorkspaceId(workspaceId);
+        }
+
+        // Load service name
+        String serviceName = ConfigUtils.get("cozeloop.service-name");
+        if (serviceName != null) {
+            this.config.setServiceName(serviceName);
+        }
+
+        // Load auth token
+        String token = ConfigUtils.get("cozeloop.auth.token");
+        if (token != null) {
+            this.tokenAuth(token);
+        }
     }
 
     /**
@@ -112,19 +134,25 @@ public CozeLoopClient build() {
         ValidationUtils.requireNonNull(auth, "auth");
 
         try {
-            // Create HTTP client
-            HttpClient httpClient = new HttpClient(auth, config.getHttpConfig());
-            
-            // Create TracerProvider
+            // Create TracerProvider using OTLP/HTTP exporter
             CozeLoopTracerProvider tracerProvider = CozeLoopTracerProvider.create(
-                httpClient,
+                    auth,
                 config.getSpanEndpoint(),
-                config.getFileEndpoint(),
                 config.getWorkspaceId(),
                 config.getServiceName(),
                 config.getTraceConfig()
             );
 
+            // Create HTTP client with trace propagators
+            HttpClient httpClient = new HttpClient(auth, config.getHttpConfig(), tracerProvider.getPropagators());
+            
+            // Configure JWT auth if used
+            if (auth instanceof JWTOAuthAuth) {
+                JWTOAuthAuth jwtAuth = (JWTOAuthAuth) auth;
+                jwtAuth.setBaseUrl(config.getBaseUrl());
+                jwtAuth.setHttpClient(new HttpClient(null, config.getHttpConfig(), tracerProvider.getPropagators()));
+            }
+            
             // Create PromptProvider
             PromptProvider promptProvider = new PromptProvider(
                 httpClient,