NewAuthorizer authenticates tokens as JWT tokens produced by JWTTokenGenerator Token signatures are verified using each of the given public keys until one works (allowing key rotation) If lookup is true, the service account and secret referenced as claims inside the token are retrieved and verified with the provided ServiceAccountTokenGetter.

Validator is called by the JWT token authentictaor to apply domain specific validation to a token and extract user information.