MINIO_IDENTITY_OPENID_REDIRECT_URI          (string)    [DEPRECATED use env 'MINIO_BROWSER_REDIRECT_URL'] Configure custom redirect_uri for OpenID login flow callback
MINIO_IDENTITY_OPENID_COMMENT               (sentence)  optionally add a comment to this setting
```

### Access Control Configuration Variables

	// StatelessHandler is handlers for one to many requests,
	// where responses may be dropped.
	// Stateless requests provide no incoming stream and there is no flow control
	// on outgoing messages.
	StatelessHandler struct {
		Handle StatelessHandlerFn
		// OutCapacity is the output capacity on the caller.
		// If <= 0 capacity will be 1.
		OutCapacity int
	}

ARGS:
bitrotscan     (on|off)    perform bitrot scan on drives when checking objects during scanner
max_sleep      (duration)  maximum sleep duration between objects to slow down heal operation. eg. 2s
max_io         (int)       maximum IO requests allowed between objects to slow down heal operation. eg. 3
drive_workers  (int)       the number of workers per drive to heal a new disk replacement.
```

		return err
	}

	if c.AccessKey == "" {
		return jwtgo.NewValidationError("accessKey/sub missing",
			jwtgo.ValidationErrorClaimsInvalid)
	}

	return nil
}

// Map returns underlying low-level map claims.
func (c *MapClaims) Map() map[string]interface{} {
	if c == nil {
		return nil
	}
	return c.MapClaims
}

// MarshalJSON marshals the MapClaims struct

	}

	st, err := gridConn.NewStream(ctx, grid.HandlerTrace, payload)
	if err != nil {
		return
	}
	st.Results(func(b []byte) error {
		select {
		case traceCh <- b:
		default:
			// Do not block on slow receivers.
			// Just recycle the buffer.
			grid.PutByteBuffer(b)
		}
		return nil
	})
}

func (client *peerRESTClient) doListen(ctx context.Context, listenCh chan<- []byte, v url.Values) {

	}
	cfg.ListQuorum = listQuorum

	replicationPriority := env.Get(EnvAPIReplicationPriority, kvs.GetWithDefault(apiReplicationPriority, DefaultKVS))
	switch replicationPriority {
	case "slow", "fast", "auto":
	default:
		return cfg, fmt.Errorf("invalid value %v for replication_priority", replicationPriority)
	}
	cfg.ReplicationPriority = replicationPriority

## Introduction

MinIO provides a custom STS API that allows integration with LDAP based corporate environments including Microsoft Active Directory. The MinIO server uses a separate LDAP service account to lookup user information. The login flow for a user is as follows:

- User provides their AD/LDAP username and password to the STS API.
- MinIO looks up the user's information (specifically the user's Distinguished Name) in the LDAP server.

	dexClient := http.Client{
		CheckRedirect: checkRedirect,
	}

	u, err := url.Parse(authCodeURL)
	if err != nil {
		return "", fmt.Errorf("url parse err: %v", err)
	}

	// Start the user auth flow. This page would present the login with
	// email or LDAP option.
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return "", fmt.Errorf("new request err: %v", err)
	}