Skip to main content
POST
/
api
/
v1
/
service_principals
/
{service_principal_id}
/
trusts
/
{client_id}
/
test
TestToken
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.WorkloadFederation.TestToken(ctx, operations.C1APIWorkloadFederationV1WorkloadFederationServiceTestTokenRequest{
        ClientID: "<id>",
        ServicePrincipalID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.WorkloadFederationServiceTestTokenResponse != nil {
        // handle response
    }
}
{
  "audienceValidation": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  },
  "celEvaluation": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  },
  "cidrCheck": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  },
  "decodedClaimsJson": "<string>",
  "issuerMatch": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  },
  "jwtDecode": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  },
  "overallResult": true,
  "signatureValidation": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  },
  "tokenFreshness": {
    "actual": "<string>",
    "detail": "<string>",
    "expected": "<string>",
    "passed": true,
    "skipped": true,
    "stepName": "<string>"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

service_principal_id
string
required

The service principal ID (from URL path).

client_id
string
required

The trust client ID. Accepts the cutename (e.g. "clever-fox-42195") or the full client ID (e.g. "clever-fox-42195@acme.conductorone.com/wfe"). The server normalizes to the cutename portion before lookup.

Body

application/json

The WorkloadFederationServiceTestTokenRequest message.

sourceIp
string

Optional: override source IP for CIDR testing. If empty, uses the request's source IP. Accepts IPv4 (e.g. 10.0.0.5) or IPv6 (e.g. 2001:db8::1) addresses, optionally with a CIDR prefix.

subjectToken
string

The raw JWT to validate (the subject_token from a CI job).

Response

200 - application/json

Successful response

The WorkloadFederationServiceTestTokenResponse message.

audienceValidation
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.

celEvaluation
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.

cidrCheck
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.

decodedClaimsJson
string

The decoded JWT claims (best-effort, even if signature fails). Returned as JSON string for display.

issuerMatch
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.

jwtDecode
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.

overallResult
boolean

Overall result: true only if ALL steps passed.

signatureValidation
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.

tokenFreshness
Test Token Step Result · object

TestTokenStepResult represents the result of a single validation step.