- Eliminates the need to provide access to buckets and objects without having to define static credentials.
- Temporary credentials have a limited lifetime, there is no need to rotate them or explicitly revoke them. Expired temporary credentials cannot be reused.

## Identity Federation

          isSocket = true,
        )
    }
  }

  fun noNewExchangesOnConnection() {
    codec.carrier.noNewExchanges()
  }

  fun cancel() {
    codec.cancel()
  }

  /**
   * Revoke this exchange's access to streams. This is necessary when a follow-up request is
   * required but the preceding exchange hasn't completed yet.
   */
  fun detachWithViolence() {
    codec.cancel()
    call.messageDone(

		adminRouter.Methods(http.MethodGet).Path(adminVersion + "/healthinfo").
			HandlerFunc(adminMiddleware(adminAPI.HealthInfoHandler))

		// STS Revocation
		adminRouter.Methods(http.MethodPost).Path(adminVersion + "/revoke-tokens/{userProvider}").HandlerFunc(adminMiddleware(adminAPI.RevokeTokens))
	}

	// If none of the routes match add default error handler routes
	adminRouter.NotFoundHandler = httpTraceAll(errorResponseHandler)

	ldapUserN      = "ldapUsername"   // this is a key name for the short/login username
	// Claim key-prefix for LDAP attributes
	ldapAttribPrefix = "ldapAttrib_"

	// Role Claim key
	roleArnClaim = "roleArn"

	// STS revoke type claim key
	tokenRevokeTypeClaim = "tokenRevokeType"

	// maximum supported STS session policy size
	maxSTSSessionPolicySize = 2048
)

type stsClaims map[string]any

	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	writeSuccessResponseJSON(w, encryptedData)
}

// RevokeTokens - POST /minio/admin/v3/revoke-tokens/{userProvider}
func (a adminAPIHandlers) RevokeTokens(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Get current object layer instance.
	objectAPI := newObjectLayerFn()

		c.Fatal("AddUser() for root credential must fail via root STS creds")
	}
}

// TestSTSTokenRevoke - tests the token revoke API
func (s *TestSuiteIAM) TestSTSTokenRevoke(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), 100*testDefaultTimeout)
	defer cancel()

	bucket := getRandomBucketName()

		Description:    "The security token included in the request is invalid",
		HTTPStatusCode: http.StatusForbidden,
	},
	ErrNoTokenRevokeType: {
		Code:           "InvalidArgument",
		Description:    "No token revoke type specified and one could not be inferred from the request",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrAdminNoSuchAccessKey: {
		Code:           "XMinioAdminNoSuchAccessKey",

  /**
   * This classloader disallows {@link java.lang.invoke.VarHandle}, which will prevent us from
   * selecting the {@code VarHandleAtomicHelper} strategy.
   */
  private static final ClassLoader NO_VAR_HANDLE =
      getClassLoader(ImmutableSet.of("java.lang.invoke.VarHandle"));

  /**
   * This classloader disallows {@link java.lang.invoke.VarHandle} and {@link sun.misc.Unsafe},

            writeParams.setAccessible(true);
            writeParams.invoke(cancel, dst, 0);

            Method writeBytes = SmbComNtCancel.class.getDeclaredMethod("writeBytesWireFormat", byte[].class, int.class);
            writeBytes.setAccessible(true);
            writeBytes.invoke(cancel, dst, 0);

            // Then - array should remain unchanged

            // Compressed forms should remain unchanged
            assertEquals("::1", method.invoke(null, "::1"));
            assertEquals("2001:db8::1", method.invoke(null, "2001:db8::1"));

            // Expanded forms should be compressed
            assertEquals("::1", method.invoke(null, "0:0:0:0:0:0:0:1"));
            assertEquals("2001:db8::1", method.invoke(null, "2001:0db8:0000:0000:0000:0000:0000:0001"));