diff --git a/echojwtx/auth.go b/echojwtx/auth.go
index 00ae195..5b4c30d 100644
--- a/echojwtx/auth.go
+++ b/echojwtx/auth.go
@@ -26,9 +26,17 @@ import (
 echojwt "github.com/labstack/echo-jwt/v4"
 "github.com/labstack/echo/v4"
 "github.com/labstack/echo/v4/middleware"
+ "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 "go.uber.org/zap"
 )
+var (
+ jwksClient = &http.Client{
+ Timeout: 5 * time.Second, // nolint:gomnd // clear and unexported
+ Transport: otelhttp.NewTransport(http.DefaultTransport),
+ }
+)
+
 type actorContext struct{}
 const (
@@ -128,6 +136,10 @@ func (a *Auth) setup(ctx context.Context, config AuthConfig, options ...Opts) er
 return err
 }
+ if a.KeyFuncOptions.Client == nil {
+ a.KeyFuncOptions.Client = otelhttp.DefaultClient
+ }
+
 if a.KeyFuncOptions.Ctx == nil {
 a.KeyFuncOptions.Ctx = ctx
 }
@@ -223,7 +235,7 @@ func jwksURI(ctx context.Context, issuer string) (string, error) {
 return "", err
 }
- res, err := http.DefaultClient.Do(req)
+ res, err := jwksClient.Do(req)
 if err != nil {
 return "", err
 }
diff --git a/go.mod b/go.mod
index d8e0c29..051a595 100644
--- a/go.mod
+++ b/go.mod
@@ -34,6 +34,7 @@ require (
 github.com/zsais/go-gin-prometheus v0.1.0
 go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.42.0
 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.42.0
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0
 go.opentelemetry.io/otel v1.16.0
 go.opentelemetry.io/otel/exporters/jaeger v1.16.0
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0
@@ -64,6 +65,7 @@ require (
 github.com/docker/distribution v2.8.2+incompatible // indirect
 github.com/docker/docker v24.0.2+incompatible // indirect
 github.com/docker/go-units v0.5.0 // indirect
+ github.com/felixge/httpsnoop v1.0.3 // indirect
 github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 github.com/go-openapi/inflect v0.19.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
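Review bot: In `setup` (echojwtx/auth.go, second hunk) the fallback `a.KeyFuncOptions.Client = otelhttp.DefaultClient` hands the key-fetching code a client with no `Timeout`, while the `jwksClient` added in the first hunk of the same file is traced and capped at 5 seconds. `otelhttp.DefaultClient` is also an exported package variable that any other package in the process can reconfigure, which is an odd dependency to place on the token-verification path. Unless the key-func options enforce their own refresh deadline (not visible here), a slow or stalled JWKS endpoint can hold key refresh open; reusing the local client, `a.KeyFuncOptions.Client = jwksClient`, keeps both fetches under one bounded client. The body of `setup` continues outside the hunk.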
@@ -133,7 +135,7 @@ require (
 github.com/magiconair/properties v1.8.7 // indirect
 github.com/mattn/go-isatty v0.0.19 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
- github.com/mitchellh/mapstructure v1.5.0 // indirect
+ github.com/mitchellh/mapstructure v1.5.0
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/pelletier/go-toml/v2 v2.0.8 // indirect
diff --git a/go.sum b/go.sum
index 96fef40..7807a3b 100644
--- a/go.sum
+++ b/go.sum
@@ -139,6 +139,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
@@ -551,6 +553,8 @@ go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.
 go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.42.0/go.mod h1:Ep4uoO2ijR0f49Pr7jAqyTjSCyS1SRL18wwttKfwqXA=
 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.42.0 h1:sYefIhrd/A3fO8rmr0vy2tgCLoR8CsbMqwbcUa70x00=
 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.42.0/go.mod h1:5Ll2ndRzg9UNUrj1n+v4ZCcrD/SYy7BnVrlCQXECowA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 h1:pginetY7+onl4qN1vl0xW/V/v6OBZ0vVdH+esuJgvmM=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0/go.mod h1:XiYsayHc36K3EByOO6nbAXnAWbrUxdjUROCEeeROOH8=
 go.opentelemetry.io/contrib/propagators/b3 v1.17.0 h1:ImOVvHnku8jijXqkwCSyYKRDt2YrnGXD4BbhcpfbfJo=
 go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ=
 go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
diff --git a/oauth2x/auth.go b/oauth2x/auth.go
index 4c0e197..f6c1cb9 100644
--- a/oauth2x/auth.go
+++ b/oauth2x/auth.go
@@ -11,6 +11,7 @@ import (
 "github.com/spf13/pflag"
 "github.com/spf13/viper"
+ "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 "go.infratographer.com/x/viperx"
@@ -20,7 +21,8 @@ import (
 var (
 tokenEndpointClient = &http.Client{
- Timeout: 5 * time.Second, // nolint:gomnd // clear and unexported
+ Timeout: 5 * time.Second, // nolint:gomnd // clear and unexported
+ Transport: otelhttp.NewTransport(http.DefaultTransport),
 }
 // ErrTokenEndpointMissing is returned when the issuers .well-known/openid-configuration is missing the token_endpoint key.
@@ -44,8 +46,13 @@ func NewClientCredentialsTokenSrc(ctx context.Context, cfg Config) (oauth2.Token
 }
 // NewClient returns a http client using requested token source
-func NewClient(ctx context.Context, tokenSrc oauth2.TokenSource) *http.Client {
- return oauth2.NewClient(ctx, tokenSrc)
+func NewClient(_ context.Context, tokenSrc oauth2.TokenSource) *http.Client {
+ return &http.Client{
+ Transport: &oauth2.Transport{
+ Base: otelhttp.NewTransport(http.DefaultTransport),
+ Source: oauth2.ReuseTokenSource(nil, tokenSrc),
+ },
+ }
 }
 // Config handles reading in all the config values available
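Review bot: `NewClient` now discards its context (`_ context.Context`), so a caller that supplied its own `*http.Client` through the `oauth2.HTTPClient` context key (for a private CA bundle, a proxy or a restricted TLS config) silently has its bearer-token requests sent over `http.DefaultTransport` instead; the removed `oauth2.NewClient(ctx, tokenSrc)` call used that client's transport as the base. Keeping the context lookup and wrapping whatever base it yields with `otelhttp.NewTransport` preserves the old contract while still adding tracing. If dropping it is intended, the doc comment above the function should state that the context is ignored. The returned client also carries no `Timeout`, which matches the previous behaviour but differs from `tokenEndpointClient` in the same file.

```go
func NewClient(ctx context.Context, tokenSrc oauth2.TokenSource) *http.Client {
	base := http.DefaultTransport
	// Keep honouring a client supplied through the oauth2.HTTPClient context key.
	if ctx != nil {
		if hc, ok := ctx.Value(oauth2.HTTPClient).(*http.Client); ok && hc.Transport != nil {
			base = hc.Transport
		}
	}

	return &http.Client{
		Transport: &oauth2.Transport{
			Base: otelhttp.NewTransport(base),
			// … unchanged: Source …
		},
	}
}
```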