c.Fatalf("bucket creat error: %v", err)
	}

	// 2. Create a user, associate policy and verify access
	accessKey, secretKey := mustGenerateCredentials(c)
	err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}
	// 2.1 check that user does not have any access to the bucket
	uClient := s.getUserClient(c, accessKey, secretKey, "")

index*       (string)             Elasticsearch index to store/update events, index is auto-created
format*      (namespace*|access)  'namespace' reflects current bucket/object list and 'access' reflects a journal of object operations, defaults to 'namespace'
queue_dir    (path)               staging dir for undelivered messages e.g. '/home/events'

	if err != nil {
		return res, err
	}

	if !skipAccessChecks(srcVolume) {
		// Stat a volume entry.
		if err = Access(srcVolumeDir); err != nil {
			return res, convertAccessError(err, errVolumeAccessDenied)
		}
	}

	if !skipAccessChecks(dstVolume) {
		if err = Access(dstVolumeDir); err != nil {
			return res, convertAccessError(err, errVolumeAccessDenied)
		}
	}

            throw new SsoLoginException("could not validate nonce", e);
        }
    }

    /**
     * Obtains an access token using a refresh token.
     * @param refreshToken The refresh token to use for token acquisition.
     * @return The authentication result containing the access token.
     */
    public IAuthenticationResult getAccessToken(final String refreshToken) {

   * access. Access time is reset by all cache read and write operations (including {@code
   * Cache.asMap().get(Object)} and {@code Cache.asMap().put(K, V)}), but not by {@code
   * containsKey(Object)}, nor by operations on the collection-views of {@link Cache#asMap}}. So,
   * for example, iterating through {@code Cache.asMap().entrySet()} does not reset access time for
   * the entries you retrieve.
   *

	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	writeSuccessNoContent(w)
}

// InfoAccessKey - GET /minio/admin/v3/info-access-key?access-key=<access-key>
func (a adminAPIHandlers) InfoAccessKey(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Get current object layer instance.
	objectAPI := newObjectLayerFn()

   * access. Access time is reset by all cache read and write operations (including {@code
   * Cache.asMap().get(Object)} and {@code Cache.asMap().put(K, V)}), but not by {@code
   * containsKey(Object)}, nor by operations on the collection-views of {@link Cache#asMap}}. So,
   * for example, iterating through {@code Cache.asMap().entrySet()} does not reset access time for
   * the entries you retrieve.
   *

	iamUserPolicyMap *xsync.MapOf[string, MappedPolicy]

	// STS accounts are loaded on demand and not via the periodic IAM reload.
	// map of STS access key to credentials
	iamSTSAccountsMap map[string]UserIdentity
	// map of STS access key to policy names
	iamSTSPolicyMap *xsync.MapOf[string, MappedPolicy]

	// map of group names to group info
	iamGroupsMap map[string]GroupInfo

# Length of API access token.
api.access.token.length=60
# Whether API access token is required.
api.access.token.required=false
# API access token request parameter.
api.access.token.request.parameter=
# Permissions for API admin access.
api.admin.access.permissions=Radmin-api
# Accepted referers for API search.
api.search.accept.referers=

		Description:    "The access key is invalid.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAdminInvalidSecretKey: {
		Code:           "XMinioAdminInvalidSecretKey",
		Description:    "The secret key is invalid.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAdminNoAccessKey: {
		Code:           "XMinioAdminNoAccessKey",
		Description:    "No access key was provided.",