Harshavardhana <******@****.***> 1705561397 -0800

Fixes that are allowed a backport must satisfy any of the following criteria's:

- A fix must not be a feature, for example.

```
commit faf013ec84051b92ae0f420a658b8d35bb7bb000
Author: Klaus Post <******@****.***>
Date:   Thu Nov 18 12:15:22 2021 -0800

    Improve performance on multiple versions (#13573)
```

- A fix must be a valid fix that was reproduced and seen in a customer environment, for example.

	// the subnet license renewal api renews the license only
	// if required e.g. when it is expiring soon
	url := globalSubnetConfig.BaseURL + licRenewPath

	resp, err := globalSubnetConfig.Post(url, nil)
	if err != nil {
		subnetLogIf(ctx, fmt.Errorf("error from %s: %w", url, err))
		return
	}

	r := gjson.Parse(resp).Get("license_v2")
	if r.Index == 0 {

exemptAssignees: false

# Label to use when marking as stale
staleLabel: stale

# Comment to post when marking as stale. Set to `false` to disable
markComment: >-
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed after 15 days if no further activity
  occurs. Thank you for your contributions.
# Comment to post when removing the stale label.
# unmarkComment: >
#   Your comment here.

```
export MINIO_IDENTITY_TLS_ENABLE=on
```

## Example

MinIO exposes a custom S3 STS API endpoint as `Action=AssumeRoleWithCertificate`. A client has to send an HTTP `POST` request to `https://<host>:<port>?Action=AssumeRoleWithCertificate&Version=2011-06-15`. Since the authentication and authorization happens via X.509 certificates the client has to send the request over **TLS** and has to provide
a client certificate.

## REST API call to plugin

To verify the custom token presented in the `AssumeRoleWithCustomToken` API, MinIO makes a POST request to the configured identity management plugin endpoint and expects a response with some details as shown below:

### Request `POST` to plugin endpoint

Query parameters:

| Parameter Name | Value Type | Purpose                                                                 |

	if resp.StatusCode == http.StatusOK {
		return respStr, nil
	}

	return respStr, fmt.Errorf("SUBNET request failed with code %d and error: %s", resp.StatusCode, respStr)
}

// Post submit 'payload' to specified URL
func (c Config) Post(reqURL string, payload interface{}) (string, error) {
	if !c.Registered() {
		return "", errors.New("Deployment is not registered with SUBNET. Please register the deployment via 'mc license register ALIAS'")

After configuring the plugin, use the generated Role ARN with `AssumeRoleWithCustomToken` to get temporary credentials to access object storage.

## API Request

To make an STS API request with this method, send a POST request to the MinIO endpoint with following query parameters:

| Parameter       | Type    | Required |                                                                      |

- To run `make test` and `make build` completes.

### Commit changes

After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to write useful commit messages

```
git commit -am 'Add some feature'
```

### Push to the branch

}

func implicitFlowURL(c oauth2.Config, state string) string {
	var buf bytes.Buffer
	buf.WriteString(c.Endpoint.AuthURL)
	v := url.Values{
		"response_type": {"id_token"},
		"response_mode": {"form_post"},
		"client_id":     {c.ClientID},
	}
	if c.RedirectURL != "" {
		v.Set("redirect_uri", c.RedirectURL)
	}
	if len(c.Scopes) > 0 {
		v.Set("scope", strings.Join(c.Scopes, " "))
	}