in pkg/sts/sts.go [213:260]
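// TokenAccess exchanges federatedToken for a token returned by the remote
// token endpoint.
//
// The request is built by constructGenerateAccessTokenRequest from
// federatedToken and audience, bound to ctx, and sent through s.httpClient.
// When audience is empty or s.UseAccessToken is set, the reply is decoded as an
// accessTokenResponse and its AccessToken field is returned. Otherwise it is
// decoded as an idTokenResponse and its Token field is returned.
//
// An error is returned when the request cannot be built or sent, when the body
// cannot be read or decoded, or when the decoded token is empty.
func (s *STS) TokenAccess(ctx context.Context, federatedToken string, audience string) (string, error) {
	req, err := s.constructGenerateAccessTokenRequest(federatedToken, audience)
	if err != nil {
		return "", fmt.Errorf("failed to marshal federated token request: %v", err)
	}
	req = req.WithContext(ctx)

	res, err := s.httpClient.Do(req)
	if err != nil {
		return "", err
	}
	// Always release the response body; without this every call leaks the
	// body and keeps the underlying connection from being reused.
	defer res.Body.Close()

	// NOTE(review): the read is unbounded and res.StatusCode is never
	// inspected. A non-2xx reply is only noticed when decoding fails or the
	// token field comes back empty. Consider capping the read and checking
	// the status explicitly.
	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		return "", fmt.Errorf("token exchange failed: %v", err)
	}

	if audience == "" || s.UseAccessToken {
		respData := &accessTokenResponse{}
		if err := json.Unmarshal(body, respData); err != nil {
			// The response is normally JSON. The raw body is logged because
			// the status and error alone give too little to debug with.
			// NOTE(review): this is a token endpoint, so a truncated or
			// malformed reply may still contain credential material.
			// Consider logging only the size and status instead.
			log.Println("Unexpected unmarshal error, response was ", string(body))
			return "", fmt.Errorf("failed to unmarshal response data of size %v: %v",
				len(body), err)
		}
		if respData.AccessToken == "" {
			// NOTE(review): the full body is embedded in the error and will
			// reach whatever logs or surfaces it. Confirm that such replies
			// never carry secrets.
			return "", fmt.Errorf(
				"exchanged empty token, response: %v", string(body))
		}
		return respData.AccessToken, nil
	}

	respData := &idTokenResponse{}
	if err := json.Unmarshal(body, respData); err != nil {
		// Same debugging trade-off as the access-token branch: the raw body
		// is logged and may contain sensitive data.
		log.Println("Unexpected unmarshal error, response was ", string(body))
		return "", fmt.Errorf("failed to unmarshal response data of size %v: %v",
			len(body), err)
	}
	if respData.Token == "" {
		// NOTE(review): the body is echoed into the error, as above.
		return "", fmt.Errorf(
			"exchanged empty token, response: %v", string(body))
	}
	return respData.Token, nil
}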