I am trying to configure GCP Pub/Sub push subscriptions (three in total). The push subscriptions have been configured successfully, but I am not able to enable authentication on them. Authentication for push subscriptions is described in this link --> https://cloud.google.com/pubsub/docs/authenticate-push-subscriptions
We are using Terraform to provision the resources. The module that we are using to configure this is provided in this link -->
We have already granted the Pub/Sub service agent "roles/iam.serviceAccountTokenCreator" in the GCP project. The SA that we are using, our caller SA, has been granted "roles/iam.serviceAccountUser".
But we don't see anything related to authentication in the speculative Terraform plan.
The code for enabling OIDC on a Pub/Sub push subscription is given here --> OIDC Configuration for Pub/Sub Push Subscription
Below is my Terraform code:
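module "app-pubsubpush" {
  source  = "terraform-google-modules/pubsub/google"
  version = "~> 5.0"

  # One module instance per entry of var.pubsubpush_config. The map keys are
  # the list indexes ("0", "1", "2"), so inserting or removing an entry in the
  # middle of the list shifts the instance addresses of every entry after it.
  # Keying by subscription name would be more stable but would change the
  # addresses of the existing instances (moved/recreated resources), so it is
  # left as-is here.
  for_each = { for x, n in var.pubsubpush_config : x => n }

  project_id          = var.project_id
  topic               = each.value.pubsub_topic_name
  topic_labels        = each.value.pubsub_topic_labels
  subscription_labels = each.value.subscription_labels

  push_subscriptions = [
    {
      name          = each.value.pubsub_subscription_name
      push_endpoint = each.value.pubsub_subscription_endpoint

      # FIX: the module does not know a key named `oidc_token`. It only emits
      # the push_config.oidc_token block when `oidc_service_account_email` is
      # set (with an optional `audience`). The unrecognised key was accepted
      # silently, which is why the plan showed no authentication settings.
      # The tfvars key `oidc_token` is kept unchanged and mapped here.
      # Applying this requires the deploying identity to hold
      # roles/iam.serviceAccountUser on that service account and the Pub/Sub
      # service agent to hold roles/iam.serviceAccountTokenCreator (both
      # already granted per the description). `audience` is not set, so the
      # token audience falls back to the push endpoint URL; set it only if the
      # receiving service expects a different value.
      oidc_service_account_email = each.value.oidc_token

      message_retention_duration = "604800s" // Default (7 days)
      retain_acked_messages      = false     // Default
      ack_deadline_seconds       = 10        // Default
      expiration_policy          = ""        // Subscription never expires
      max_delivery_attempts      = 5         // Default
      minimum_backoff            = "10s"     // Default
      maximum_backoff            = "600s"    // Default
      enable_message_ordering    = true
      enable_exactly_once_delivery = true

      # NOTE(review): `service_account` is a separate key from the OIDC
      # identity above; presumably the module uses it for an IAM binding on the
      # subscription — confirm against the module version in use.
      service_account = var.pubsub_subscription_sa
    }
  ]

  depends_on = [
    module.pubsub_dl
  ]
}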
npd.tfvar:
# Subscription with a dead-letter topic. NOTE(review): presumably consumed by
# module.pubsub_dl (not shown) rather than by module.app-pubsubpush — verify.
pubsub_config = [
  {
    # Topic, its subscription and the dead-letter topic for that subscription
    pubsub_topic_name            = "app_notifications"
    pubsub_subscription_name     = "app_notifications_arcsight"
    pubsub_subscription_dl_topic = "app_notifications_arcsight_dl"

    # Labels applied to the topic
    pubsub_topic_labels = {
      cm_application_service_num = "snsvc0011392" # ArcSight-NPD-001
      cm_service_offering_num    = "bsn0010403"   # Security Monitoring & Alerting - ArcSight-NPD
    }

    # The same labels applied to the subscription
    subscription_labels = {
      cm_application_service_num = "snsvc0011392" # ArcSight-NPD-001
      cm_service_offering_num    = "bsn0010403"   # Security Monitoring & Alerting - ArcSight-NPD
    }
  }
]
#===========Pubsub Subscription Service Account===========#
# Same address as the `oidc_token` value of every pubsubpush_config entry
# below. The module block shown reads the per-entry value, not this variable,
# so this one may be unused unless another file references it — verify.
pubsub_push_subscription_sa = "soc-logsink2arcsight-npd@cnr-scc-npd-kaw8.iam.gserviceaccount.com"

# Passed to the module as `service_account`.
# NOTE(review): the value reads like an address obfuscated by the page
# render rather than a real service account email — confirm against the
# original file.
pubsub_subscription_sa = "[email protected]"
# One entry per push subscription created by module.app-pubsubpush. Each
# entry uses the same service account as the OIDC identity presented to the
# push endpoint; project/instance/feed ids in the endpoints are redacted.
pubsubpush_config = [
  {
    pubsub_topic_name        = "app_notifications_secops"
    pubsub_subscription_name = "app_notifications_secops_push"
    # pubsub_subscription_dl_topic = "app_notifications_secops_dl"

    pubsub_subscription_endpoint = "https://us-chronicle.googleapis.com/v1alpha/projects/xxxxxx/locations/us/instances/xxxxxx/feeds/xxxxxxxxx:importPushLogs"
    oidc_token                   = "soc-logsink2arcsight-npd@cnr-scc-npd-kaw8.iam.gserviceaccount.com"

    pubsub_topic_labels = {
      cm_application_service_num = "snsvc0031048"
      cm_service_offering_num    = "bsn0011961"
    }
    subscription_labels = {
      cm_application_service_num = "snsvc0031048"
      cm_service_offering_num    = "bsn0011961"
    }
  },
  {
    pubsub_topic_name        = "appengine_notifications_secops"
    pubsub_subscription_name = "appengine_notifications_secops_push"

    pubsub_subscription_endpoint = "https://us-chronicle.googleapis.com/v1alpha/projects/xxxxxxx/locations/us/instances/xxxxxxxxx/feeds/xxxxxx-xxxxxx:importPushLogs"
    oidc_token                   = "soc-logsink2arcsight-npd@cnr-scc-npd-kaw8.iam.gserviceaccount.com"

    pubsub_topic_labels = {
      cm_application_service_num = "snsvc0031048"
      cm_service_offering_num    = "bsn0011961"
    }
    subscription_labels = {
      cm_application_service_num = "snsvc0031048"
      cm_service_offering_num    = "bsn0011961"
    }
  },
  {
    pubsub_topic_name        = "dataaccess_notifications_secops"
    pubsub_subscription_name = "dataaccess_notifications_secops_push"

    pubsub_subscription_endpoint = "https://us-chronicle.xxxxx/v1alpha/projects/xxxxxxx/locations/us/instances/xxxxxxxxxx/feeds/6ef5f8d4-8199-4cb7-8cb6-43d5331a0182:importPushLogs"
    oidc_token                   = "soc-logsink2arcsight-npd@cnr-scc-npd-kaw8.iam.gserviceaccount.com"

    pubsub_topic_labels = {
      cm_application_service_num = "snsvc0031048"
      cm_service_offering_num    = "bsn0011961"
    }
    subscription_labels = {
      cm_application_service_num = "snsvc0031048"
      cm_service_offering_num    = "bsn0011961"
    }
  }
]