diff --git a/go.mod b/go.mod
index c55f18a4d99c..6b1dd7513297 100644
--- a/go.mod
+++ b/go.mod
@@ -36,8 +36,8 @@ require (
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	knative.dev/caching v0.0.0-20240610144728-23ec42b2186b
 	knative.dev/hack v0.0.0-20240607132042-09143140a254
-	knative.dev/networking v0.0.0-20240607132834-85e269dff522
-	knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386
+	knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c
+	knative.dev/pkg v0.0.0-20240614135239-339c22b8218c
 	sigs.k8s.io/yaml v1.4.0
 )
 
diff --git a/go.sum b/go.sum
index 293e83836563..5fc83764f7ac 100644
--- a/go.sum
+++ b/go.sum
@@ -949,10 +949,10 @@ knative.dev/caching v0.0.0-20240610144728-23ec42b2186b h1:DNlfCXdLU4tTfICxG1A4Kw
 knative.dev/caching v0.0.0-20240610144728-23ec42b2186b/go.mod h1:cMG3/sqFSXue9pM9zL47SMKW/xl1390e6FwMP+iRfZE=
 knative.dev/hack v0.0.0-20240607132042-09143140a254 h1:1YFnu3U6dWZg0oxm6GU8kEdA9A+BvSWKJO7sg3N0kq8=
 knative.dev/hack v0.0.0-20240607132042-09143140a254/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/networking v0.0.0-20240607132834-85e269dff522 h1:zDtZStHJI3La7jSHUAjN4Jgv0/Yynl51kuchlVLHqzA=
-knative.dev/networking v0.0.0-20240607132834-85e269dff522/go.mod h1:WS5A291Vy2unZ1L54ZSKBkz/gVzVmIy15cCcdA6PRN4=
-knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386 h1:nxFTT6DrXr70Zi2BK8nc57ts0/smyavd/uBRBbtqg94=
-knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386/go.mod h1:l7R8/SteYph0mZDsVgq3fVs4mWp1DaYx9BJJX68U6ik=
+knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c h1:Q+DdJYzvhwAVWMQtP6mbEr5dNxpr+K9HAF9RqJmZefY=
+knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c/go.mod h1:WhZLv94eOMDGHbdZiMrw6cnRfN3WEcFgpjUcV0A48pI=
+knative.dev/pkg v0.0.0-20240614135239-339c22b8218c h1:OaKrY7L6rzWTvs51JlieJajL40F6CpBbvO1aZspg2EA=
+knative.dev/pkg v0.0.0-20240614135239-339c22b8218c/go.mod h1:l7R8/SteYph0mZDsVgq3fVs4mWp1DaYx9BJJX68U6ik=
 pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
 pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go b/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go
index 5d76a7b422c0..dfb81cbe6219 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/auth_types.go
@@ -16,6 +16,21 @@ limitations under the License.
 
 package v1
 
+import (
+	"context"
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"knative.dev/pkg/apis"
+	"knative.dev/pkg/apis/duck/ducktypes"
+	"knative.dev/pkg/kmeta"
+	"knative.dev/pkg/ptr"
+)
+
+// +genduck
+
 // AuthStatus is meant to provide the generated service account name
 // in the resource status.
 type AuthStatus struct {
@@ -28,3 +43,81 @@ type AuthStatus struct {
 	// when the component uses multiple identities (e.g. in case of a Parallel).
 	ServiceAccountNames []string `json:"serviceAccountNames,omitempty"`
 }
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AuthenticatableType is a skeleton type wrapping AuthStatus in the manner we expect
+// resource writers defining compatible resources to embed it.  We will
+// typically use this type to deserialize AuthenticatableType ObjectReferences and
+// access the AuthenticatableType data.  This is not a real resource.
+type AuthenticatableType struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Status AuthenticatableStatus `json:"status"`
+}
+
+type AuthenticatableStatus struct {
+	// Auth contains the service account name for the subscription
+	// +optional
+	Auth *AuthStatus `json:"auth,omitempty"`
+}
+
+var (
+	// AuthStatus is a Convertible type.
+	_ apis.Convertible = (*AuthStatus)(nil)
+
+	// Verify AuthenticatableType resources meet duck contracts.
+	_ apis.Listable         = (*AuthenticatableType)(nil)
+	_ ducktypes.Populatable = (*AuthenticatableType)(nil)
+	_ kmeta.OwnerRefable    = (*AuthenticatableType)(nil)
+)
+
+// GetFullType implements duck.Implementable
+func (*AuthStatus) GetFullType() ducktypes.Populatable {
+	return &AuthenticatableType{}
+}
+
+// ConvertTo implements apis.Convertible
+func (a *AuthStatus) ConvertTo(_ context.Context, to apis.Convertible) error {
+	return fmt.Errorf("v1 is the highest known version, got: %T", to)
+}
+
+// ConvertFrom implements apis.Convertible
+func (a *AuthStatus) ConvertFrom(_ context.Context, from apis.Convertible) error {
+	return fmt.Errorf("v1 is the highest known version, got: %T", from)
+}
+
+// Populate implements duck.Populatable
+func (t *AuthenticatableType) Populate() {
+	t.Status = AuthenticatableStatus{
+		Auth: &AuthStatus{
+			// Populate ALL fields
+			ServiceAccountName: ptr.String("foo"),
+			ServiceAccountNames: []string{
+				"bar",
+				"baz",
+			},
+		},
+	}
+}
+
+// GetGroupVersionKind implements kmeta.OwnerRefable
+func (t *AuthenticatableType) GetGroupVersionKind() schema.GroupVersionKind {
+	return t.GroupVersionKind()
+}
+
+// GetListType implements apis.Listable
+func (*AuthenticatableType) GetListType() runtime.Object {
+	return &AuthenticatableTypeList{}
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AuthenticatableTypeList is a list of AuthenticatableType resources
+type AuthenticatableTypeList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+
+	Items []AuthenticatableType `json:"items"`
+}
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go
index 9dab1a912c91..bc263edfd67e 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go
@@ -176,6 +176,87 @@ func (in *AuthStatus) DeepCopy() *AuthStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuthenticatableStatus) DeepCopyInto(out *AuthenticatableStatus) {
+	*out = *in
+	if in.Auth != nil {
+		in, out := &in.Auth, &out.Auth
+		*out = new(AuthStatus)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatableStatus.
+func (in *AuthenticatableStatus) DeepCopy() *AuthenticatableStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(AuthenticatableStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuthenticatableType) DeepCopyInto(out *AuthenticatableType) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatableType.
+func (in *AuthenticatableType) DeepCopy() *AuthenticatableType {
+	if in == nil {
+		return nil
+	}
+	out := new(AuthenticatableType)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AuthenticatableType) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuthenticatableTypeList) DeepCopyInto(out *AuthenticatableTypeList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]AuthenticatableType, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticatableTypeList.
+func (in *AuthenticatableTypeList) DeepCopy() *AuthenticatableTypeList {
+	if in == nil {
+		return nil
+	}
+	out := new(AuthenticatableTypeList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AuthenticatableTypeList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Binding) DeepCopyInto(out *Binding) {
 	*out = *in
diff --git a/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go b/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go
new file mode 100644
index 000000000000..8f2a26501cc8
--- /dev/null
+++ b/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/authstatus.go
@@ -0,0 +1,60 @@
+/*
+Copyright 2022 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package authstatus
+
+import (
+	context "context"
+
+	duck "knative.dev/pkg/apis/duck"
+	v1 "knative.dev/pkg/apis/duck/v1"
+	controller "knative.dev/pkg/controller"
+	injection "knative.dev/pkg/injection"
+	dynamicclient "knative.dev/pkg/injection/clients/dynamicclient"
+	logging "knative.dev/pkg/logging"
+)
+
+func init() {
+	injection.Default.RegisterDuck(WithDuck)
+}
+
+// Key is used for associating the Informer inside the context.Context.
+type Key struct{}
+
+func WithDuck(ctx context.Context) context.Context {
+	dc := dynamicclient.Get(ctx)
+	dif := &duck.CachedInformerFactory{
+		Delegate: &duck.TypedInformerFactory{
+			Client:       dc,
+			Type:         (&v1.AuthStatus{}).GetFullType(),
+			ResyncPeriod: controller.GetResyncPeriod(ctx),
+			StopChannel:  ctx.Done(),
+		},
+	}
+	return context.WithValue(ctx, Key{}, dif)
+}
+
+// Get extracts the typed informer from the context.
+func Get(ctx context.Context) duck.InformerFactory {
+	untyped := ctx.Value(Key{})
+	if untyped == nil {
+		logging.FromContext(ctx).Panic(
+			"Unable to fetch knative.dev/pkg/apis/duck.InformerFactory from context.")
+	}
+	return untyped.(duck.InformerFactory)
+}
diff --git a/vendor/knative.dev/pkg/resolver/authenticatable_resolver.go b/vendor/knative.dev/pkg/resolver/authenticatable_resolver.go
new file mode 100644
index 000000000000..78dd69bddb42
--- /dev/null
+++ b/vendor/knative.dev/pkg/resolver/authenticatable_resolver.go
@@ -0,0 +1,117 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package resolver
+
+import (
+	"context"
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/tools/cache"
+
+	corev1 "k8s.io/api/core/v1"
+	apierrs "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"knative.dev/pkg/client/injection/ducks/duck/v1/authstatus"
+	"knative.dev/pkg/controller"
+
+	pkgapisduck "knative.dev/pkg/apis/duck"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
+	"knative.dev/pkg/tracker"
+)
+
+// AuthenticatableResolver resolves ObjectReferences into a AuthenticatableType.
+type AuthenticatableResolver struct {
+	tracker       tracker.Interface
+	listerFactory func(schema.GroupVersionResource) (cache.GenericLister, error)
+}
+
+// NewAuthenticatableResolverFromTracker constructs a new AuthenticatableResolver with context and a tracker.
+func NewAuthenticatableResolverFromTracker(ctx context.Context, t tracker.Interface) *AuthenticatableResolver {
+	ret := &AuthenticatableResolver{
+		tracker: t,
+	}
+
+	informerFactory := &pkgapisduck.CachedInformerFactory{
+		Delegate: &pkgapisduck.EnqueueInformerFactory{
+			Delegate:     authstatus.Get(ctx),
+			EventHandler: controller.HandleAll(ret.tracker.OnChanged),
+		},
+	}
+
+	ret.listerFactory = func(gvr schema.GroupVersionResource) (cache.GenericLister, error) {
+		_, l, err := informerFactory.Get(ctx, gvr)
+		return l, err
+	}
+
+	return ret
+}
+
+// AuthStatusFromObjectReference returns the AuthStatus from an object
+func (r *AuthenticatableResolver) AuthStatusFromObjectReference(ref *corev1.ObjectReference, parent interface{}) (*duckv1.AuthStatus, error) {
+	if ref == nil {
+		return nil, apierrs.NewBadRequest("ref is nil")
+	}
+
+	authenticatable, err := r.authenticatableFromObjectReference(ref, parent)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get authenticatable %s/%s: %w", ref.Namespace, ref.Name, err)
+	}
+
+	if authenticatable.Status.Auth == nil {
+		return nil, fmt.Errorf(".status.auth is missing in object %s/%s", ref.Namespace, ref.Name)
+	}
+
+	return authenticatable.Status.Auth, nil
+}
+
+// authenticatableFromObjectReference resolves an object reference into an AuthenticatableType
+func (r *AuthenticatableResolver) authenticatableFromObjectReference(ref *corev1.ObjectReference, parent interface{}) (*duckv1.AuthenticatableType, error) {
+	if ref == nil {
+		return nil, apierrs.NewBadRequest("ref is nil")
+	}
+
+	gvr, _ := meta.UnsafeGuessKindToResource(ref.GroupVersionKind())
+	if err := r.tracker.TrackReference(tracker.Reference{
+		APIVersion: ref.APIVersion,
+		Kind:       ref.Kind,
+		Namespace:  ref.Namespace,
+		Name:       ref.Name,
+	}, parent); err != nil {
+		return nil, fmt.Errorf("failed to track reference %s %s/%s: %w", gvr.String(), ref.Namespace, ref.Name, err)
+	}
+
+	lister, err := r.listerFactory(gvr)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get lister for %s: %w", gvr.String(), err)
+	}
+
+	obj, err := lister.ByNamespace(ref.Namespace).Get(ref.Name)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get object %s/%s: %w", ref.Namespace, ref.Name, err)
+	}
+
+	authenticatable, ok := obj.(*duckv1.AuthenticatableType)
+	if !ok {
+		return nil, apierrs.NewBadRequest(fmt.Sprintf("%s(%T) is not an AuthenticatableType", ref, ref))
+	}
+
+	// Do not modify informer copy.
+	authenticatable = authenticatable.DeepCopy()
+
+	return authenticatable, nil
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 6bc288333474..c6a7e865e315 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1349,7 +1349,7 @@ knative.dev/caching/pkg/client/listers/caching/v1alpha1
 # knative.dev/hack v0.0.0-20240607132042-09143140a254
 ## explicit; go 1.18
 knative.dev/hack
-# knative.dev/networking v0.0.0-20240607132834-85e269dff522
+# knative.dev/networking v0.0.0-20240611072033-3b8764c0bb4c
 ## explicit; go 1.21
 knative.dev/networking/config
 knative.dev/networking/pkg
@@ -1388,7 +1388,7 @@ knative.dev/networking/pkg/http/stats
 knative.dev/networking/pkg/ingress
 knative.dev/networking/pkg/k8s
 knative.dev/networking/pkg/prober
-# knative.dev/pkg v0.0.0-20240610120318-15e6cdf2f386
+# knative.dev/pkg v0.0.0-20240614135239-339c22b8218c
 ## explicit; go 1.21
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate
@@ -1402,6 +1402,7 @@ knative.dev/pkg/apis/testing/fuzzer
 knative.dev/pkg/apis/testing/roundtrip
 knative.dev/pkg/changeset
 knative.dev/pkg/client/injection/ducks/duck/v1/addressable
+knative.dev/pkg/client/injection/ducks/duck/v1/authstatus
 knative.dev/pkg/client/injection/kube/client
 knative.dev/pkg/client/injection/kube/client/fake
 knative.dev/pkg/client/injection/kube/informers/admissionregistration/v1/mutatingwebhookconfiguration