c.Fatalf("bucket creat error: %v", err)
	}

	// 2. Create a user, associate policy and verify access
	accessKey, secretKey := mustGenerateCredentials(c)
	err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}
	// 2.1 check that user does not have any access to the bucket
	uClient := s.getUserClient(c, accessKey, secretKey, "")

labels.boost_document_rule_url_expr=Condition
labels.boost_document_rule_boost_expr=Boost Expression
labels.boost_document_rule_sort_order=Sort Order
labels.access_token_configuration=Access Token
labels.access_token_title_details=Access Token
labels.access_token_list_name=Name
labels.access_token_name=Name
labels.access_token_token=Token
labels.access_token_expires=Expires
labels.access_token_parameter_name=Parameter Name

index*       (string)             Elasticsearch index to store/update events, index is auto-created
format*      (namespace*|access)  'namespace' reflects current bucket/object list and 'access' reflects a journal of object operations, defaults to 'namespace'
queue_dir    (path)               staging dir for undelivered messages e.g. '/home/events'

labels.boost_document_rule_url_expr=Condition
labels.boost_document_rule_boost_expr=Boost Expression
labels.boost_document_rule_sort_order=Sort Order
labels.access_token_configuration=Access Token
labels.access_token_title_details=Access Token
labels.access_token_list_name=Name
labels.access_token_name=Name
labels.access_token_token=Token
labels.access_token_expires=Expires
labels.access_token_parameter_name=Parameter Name

            throw new SsoLoginException("could not validate nonce", e);
        }
    }

    /**
     * Obtains an access token using a refresh token.
     * @param refreshToken The refresh token to use for token acquisition.
     * @return The authentication result containing the access token.
     */
    public IAuthenticationResult getAccessToken(final String refreshToken) {

   * access. Access time is reset by all cache read and write operations (including {@code
   * Cache.asMap().get(Object)} and {@code Cache.asMap().put(K, V)}), but not by {@code
   * containsKey(Object)}, nor by operations on the collection-views of {@link Cache#asMap}}. So,
   * for example, iterating through {@code Cache.asMap().entrySet()} does not reset access time for
   * the entries you retrieve.
   *

	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	writeSuccessNoContent(w)
}

// InfoAccessKey - GET /minio/admin/v3/info-access-key?access-key=<access-key>
func (a adminAPIHandlers) InfoAccessKey(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Get current object layer instance.
	objectAPI := newObjectLayerFn()

   * access. Access time is reset by all cache read and write operations (including {@code
   * Cache.asMap().get(Object)} and {@code Cache.asMap().put(K, V)}), but not by {@code
   * containsKey(Object)}, nor by operations on the collection-views of {@link Cache#asMap}}. So,
   * for example, iterating through {@code Cache.asMap().entrySet()} does not reset access time for
   * the entries you retrieve.
   *

		Description:    "The access key is invalid.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAdminInvalidSecretKey: {
		Code:           "XMinioAdminInvalidSecretKey",
		Description:    "The secret key is invalid.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAdminNoAccessKey: {
		Code:           "XMinioAdminNoAccessKey",
		Description:    "No access key was provided.",

        return null;
    }

    /**
     * Searches for documents relevant to the user's query.
     * SearchHelper applies role-based access control filtering through
     * SearchRequestType.JSON and the role filter mechanism, ensuring
     * users only see documents they are authorized to access.
     * <p>
     * This is the primary extension point for subclasses to customize search behavior.
     *