diff --git a/lib/google/api_client/auth/compute_service_account.rb b/lib/google/api_client/auth/compute_service_account.rb
new file mode 100644
index 000000000..085d81bba
--- /dev/null
+++ b/lib/google/api_client/auth/compute_service_account.rb
@@ -0,0 +1,28 @@
+# Copyright 2013 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'faraday'
+require 'signet/oauth_2/client'
+
+module Google
+  class APIClient
+    class ComputeServiceAccount < Signet::OAuth2::Client
+      def fetch_access_token(options={})
+        options[:connection] ||= Faraday.default_connection
+        response = options[:connection].get 'http://metadata/computeMetadata/v1beta1/instance/service-accounts/default/token'
+        Signet::OAuth2.parse_json_credentials(response.body)
+      end
+    end
+  end
+end
diff --git a/lib/google/api_client/service_account.rb b/lib/google/api_client/service_account.rb
index 737ac78cb..b6a0b3cb0 100644
--- a/lib/google/api_client/service_account.rb
+++ b/lib/google/api_client/service_account.rb
@@ -15,3 +15,4 @@
 require 'google/api_client/auth/pkcs12'
 require 'google/api_client/auth/jwt_asserter'
 require 'google/api_client/auth/key_utils'
+require 'google/api_client/auth/compute_service_account'
diff --git a/spec/google/api_client/service_account_spec.rb b/spec/google/api_client/service_account_spec.rb
index 270ecb7cc..d32bcffda 100644
--- a/spec/google/api_client/service_account_spec.rb
+++ b/spec/google/api_client/service_account_spec.rb
@@ -141,3 +141,24 @@ describe Google::APIClient::JWTAsserter do
   end    
 end
 
+describe Google::APIClient::ComputeServiceAccount do
+  include ConnectionHelpers
+
+  it 'should query metadata server' do
+    conn = stub_connection do |stub|
+      stub.get('/computeMetadata/v1beta1/instance/service-accounts/default/token') do |env|
+        env.url.host.should == 'metadata'
+        [200, {}, '{
+          "access_token" : "1/abcdef1234567890",
+          "token_type" : "Bearer",
+          "expires_in" : 3600
+        }']
+      end
+    end
+    service_account = Google::APIClient::ComputeServiceAccount.new
+    auth = service_account.fetch_access_token!({ :connection => conn })
+    auth.should_not == nil?
+    auth["access_token"].should == "1/abcdef1234567890"
+    conn.verify
+  end
+end