kopf.on.create - how to access jwt token requesting the change?

[styk-tv]

In scenario where OIDC is enabled on API and each user making requests is presenting their own Bearer token, kube api does its verification and so on, how would I get the token? I want to make decisions inside kopf based on the attributes from the auth token?

just a note: obviously I don't mean the authentication of the operator, but the token of the requestor submitting the request through the kubernetes api to the crd.