MINIO_IDENTITY_OPENID_VENDOR                (string)    Specify vendor type for vendor specific behavior to checking validity of temporary credentials and service accounts on MinIO
MINIO_IDENTITY_OPENID_CLAIM_USERINFO        (on|off)    Enable fetching claims from UserInfo Endpoint for authenticated user

)

// OpenID keys and envs.
const (
	ClientID      = "client_id"
	ClientSecret  = "client_secret"
	ConfigURL     = "config_url"
	ClaimName     = "claim_name"
	ClaimUserinfo = "claim_userinfo"
	RolePolicy    = "role_policy"
	DisplayName   = "display_name"

	Scopes             = "scopes"
	RedirectURI        = "redirect_uri"
	RedirectURIDynamic = "redirect_uri_dynamic"
	Vendor             = "vendor"

func (n NATSArgs) connectNats() (*nats.Conn, error) {
	connOpts := []nats.Option{nats.Name("Minio Notification"), nats.MaxReconnects(-1)}
	if n.Username != "" && n.Password != "" {
		connOpts = append(connOpts, nats.UserInfo(n.Username, n.Password))
	}
	if n.UserCredentials != "" {
		connOpts = append(connOpts, nats.UserCredentials(n.UserCredentials))
	}
	if n.Token != "" {
		connOpts = append(connOpts, nats.Token(n.Token))
	}

	case offline:
		// client offline, return last error captured.
		return nil, &NetworkError{Err: c.LastError()}
	}

	// client is still connected, attempt the request.

	// Shallow copy. We don't modify the *UserInfo, if set.
	// All other fields are copied.
	u := *c.url
	u.Path = path.Join(u.Path, method)
	u.RawQuery = values.Encode()

	req, err := c.newRequest(ctx, u, body)
	if err != nil {

			ClientSecret:            cfg.ClientSecret,
			HMACSalt:                globalDeploymentID(),
			HMACPassphrase:          cfg.ClientID,
			Scopes:                  strings.Join(cfg.DiscoveryDoc.ScopesSupported, ","),
			Userinfo:                cfg.ClaimUserinfo,
			RedirectCallbackDynamic: cfg.RedirectURIDynamic,
			RedirectCallback:        callback,
			EndSessionEndpoint:      cfg.DiscoveryDoc.EndSessionEndpoint,

	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPut, u.String(), nil)
	if err != nil {
		c.Fatalf("unexpected new request err: %v", err)
	}
	reqBodyArg := madmin.UserInfo{
		SecretKey:  secretKey,
		PolicyName: "consoleAdmin",
		Status:     madmin.AccountEnabled,
	}
	buf, err := json.Marshal(reqBodyArg)
	if err != nil {
		c.Fatalf("unexpected json encode err: %v", err)
	}

	stsToken                  = "Token"
	stsRoleArn                = "RoleArn"
	stsWebIdentityToken       = "WebIdentityToken"
	stsWebIdentityAccessToken = "WebIdentityAccessToken" // only valid if UserInfo is enabled.
	stsDurationSeconds        = "DurationSeconds"
	stsLDAPUsername           = "LDAPUsername"
	stsLDAPPassword           = "LDAPPassword"

	// STS API action constants