in server/gcpcredential/validate.go [56:85]
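// Validate verifies each ID token in credentials against expectedAudience and
// returns the result of validateAndParse over the validated tokens' claims.
//
// If client is nil, the client returned by defaultHTTPClient is used. The
// client is handed to the idtoken validator, so it must be one the caller
// trusts (presumably it is what retrieves the signing certificates; confirm).
//
// NOTE(review): per the idtoken package documentation the aud claim is only
// checked when the audience argument is non-empty. Callers should therefore
// always pass a non-empty expectedAudience; with an empty value a validly
// signed token issued for a different audience would pass this check.
func Validate(ctx context.Context, client *http.Client, credentials []string, expectedAudience string) ([]string, error) {
	if client == nil {
		var err error
		client, err = defaultHTTPClient()
		if err != nil {
			return nil, err
		}
	}

	// No credentials are attached to the validator's own requests; it only
	// needs the supplied HTTP client.
	validatorOptions := []idtoken.ClientOption{
		option.WithoutAuthentication(),
		option.WithHTTPClient(client),
	}
	v, err := idtoken.NewValidator(ctx, validatorOptions...)
	if err != nil {
		// %w keeps the message text unchanged while preserving the cause for
		// errors.Is / errors.As in callers.
		return nil, fmt.Errorf("could not create ID token validator: %w", err)
	}

	// validator adapts the idtoken validator to the callback shape that
	// validateAndParse expects: one token in, its claims map out.
	validator := func(token string) (map[string]any, error) {
		payload, err := v.Validate(ctx, token, expectedAudience)
		if err != nil {
			return nil, err
		}
		return payload.Claims, nil
	}
	return validateAndParse(credentials, validator)
}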