in internal/validation/request.go [56:71]
func (cv DefaultCredentialValidator) validateToken(credsRequest *credentials.EksCredentialsRequest) error {
// just verify the token is parseable, we will detect if it's valid or not on the service
if credsRequest.ServiceAccountToken == "" {
return errors.NewRequestValidationError("Service account token cannot be empty")
}
parsedToken, _, err := jwtParser.ParseUnverified(credsRequest.ServiceAccountToken, &jwt.RegisteredClaims{})
if err != nil {
return errors.NewRequestValidationError(fmt.Sprintf("Service account token cannot be parsed: %v", err))
}
err = jwtValidator.Validate(parsedToken.Claims)
if err != nil {
return errors.NewRequestValidationError(fmt.Sprintf("Service account token failed basic claim validations: %v", err))
}
return nil
}