Adding custom fields into a service account token

I am looking for a way to add custom fields in a service account token. I tried to add annotations to the service account but they did not show up in the token. I also tried adding annotations to the TokenReview object but that also does not show up in the token. Is there an easy way to do that? Any help or guidance is really appreciated.

@pdewan we’re also running into this issue. We need to be able to inject tags as per AWS Docs and are unable to find a way around this. E.g. adding something like this in:

    "https://aws.amazon.com/tags": {
        "principal_tags": {
            "User": ["service-account"]
        },
        "transitive_tag_keys": [
            "User"
        ]
    }

Hi @dcarrion87, @pdewan,
I have the same issue. Did you manage to find a workaround?

Thanks

Hi,
If I got your question correctly, you are trying to modify the token itself. An SA token represents an encoded JWT. You can decode its value from the secret, modify the payload, encode the updated payload and update the data.token field value in the secret.
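
An added example, not code from any poster in this thread: it decodes a constructed service-account-style JWT, places the `https://aws.amazon.com/tags` claim from the earlier post into the payload, and checks the signature before and after the edit. HS256 with a made-up key stands in for the issuer's real signing key, and the key, issuer and subject values are constructed.

```python
import base64
import hashlib
import hmac
import json

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign(header: dict, payload: dict, key: bytes) -> str:
    # Assumption: HS256 keeps this stdlib-only; a real issuer signs with its own key.
    signing_input = encode_part(header) + "." + encode_part(payload)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def decode_payload(token: str) -> dict:
    # Decoding needs no key: the payload is only base64url-encoded JSON.
    return json.loads(unb64url(token.split(".")[1]))

def verify(token: str, key: bytes) -> bool:
    # The signature is computed over the exact "header.payload" bytes.
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    try:
        return hmac.compare_digest(expected, unb64url(sig))
    except ValueError:
        return False

def replace_payload(token: str, new_payload: dict) -> str:
    # Swap in a new payload while keeping the original header and signature.
    header, _, sig = token.split(".")
    return ".".join((header, encode_part(new_payload), sig))

# Constructed sample values, not taken from a real cluster.
ISSUER_KEY = b"constructed-issuer-key"
CLAIMS = {"iss": "https://issuer.example", "sub": "system:serviceaccount:default:demo"}
TOKEN = sign({"alg": "HS256", "typ": "JWT"}, CLAIMS, ISSUER_KEY)
TAGS = {"principal_tags": {"User": ["service-account"]}, "transitive_tag_keys": ["User"]}
EDITED_TOKEN = replace_payload(TOKEN, {**CLAIMS, "https://aws.amazon.com/tags": TAGS})

if __name__ == "__main__":
    print("original verifies:", verify(TOKEN, ISSUER_KEY))
    print("edited payload:", decode_payload(EDITED_TOKEN))
    print("edited verifies:", verify(EDITED_TOKEN, ISSUER_KEY))
```

The edited token still decodes and shows the extra claim, but `verify` returns `False` for it, because the signature was computed over the original header and payload.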