@JvmStatic // Despite being 'internal', this method is called by popular 3rd party SDKs.
  fun invalidatesCache(method: String): Boolean =
    (
      method == "POST" ||
        method == "PATCH" ||
        method == "PUT" ||
        method == "DELETE" ||
        method == "MOVE"
    )

  @JvmStatic // Despite being 'internal', this method is called by popular 3rd party SDKs.
  fun requiresRequestBody(method: String): Boolean =
    (

		// OPTIONAL. Authorized party - the party to which the ID
		// Token was issued. If present, it MUST contain the OAuth
		// 2.0 Client ID of this party. This Claim is only needed
		// when the ID Token has a single audience value and that
		// audience is different than the authorized party. It MAY
		// be included even when the authorized party is the same

        id("${model.projectId}_SmokeTest_$id$suffix")
        name = "Smoke Tests with 3rd Party Plugins ($task) - ${testJava.version.toCapitalized()} Linux$suffix"
        description = "Smoke tests against third party plugins to see if they still work with the current Gradle version"

        if (flakyTestStrategy != FlakyTestStrategy.ONLY) {

3. [Generate and use Self-signed Keys and Certificates with MinIO](#generate-use-self-signed-keys-certificates)
4. [Install Certificates from Third-party CAs](#install-certificates-from-third-party-cas)

## 1. Install MinIO Server

        uuid = "${DslContext.uuidPrefix}_${model.projectId}_Stage_${stage.stageName.uuid}_SmokeTest"
        name = "Smoke Test"
        description = "Smoke tests against third-party plugins, Gradle build, and IDE sync"
    }) {
    init {
        smokeBuildTypes.forEach(this::buildType)
    }

    companion object {
        /**

```

Then install the chart, specifying that you want to use the TLS secret:

```bash
helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio
```

### Installing certificates from third party CAs

After a week, the token will be expired and the user will not be authorized and will have to sign in again to get a new token. And if the user (or a third party) tried to modify the token to change the expiration, you would be able to discover it, because the signatures would not match.

If you want to play with JWT tokens and see how they work, check [https://jwt.io](https://jwt.io/).

* For HTTPS, **the server** needs to **have "certificates"** generated by a **third party**.
    * Those certificates are actually **acquired** from the third party, not "generated".
* Certificates have a **lifetime**.
    * They **expire**.
    * And then they need to be **renewed**, **acquired again** from the third party.
* The encryption of the connection happens at the **TCP level**.
    * That's one layer **below HTTP**.

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

That's what would happen to a third party application that tried to access one of these *path operations* with a token provided by a user, depending on how many permissions the user gave the application.

## About third party integrations { #about-third-party-integrations }

In this example we are using the OAuth2 "password" flow.