// Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

        authVector.add(new DERSequence(elementVector));

        byte[] token = new DERSequence(authVector).getEncoded();
        Map<Integer, KerberosKey> keys = new HashMap<>();

        // 2. WHEN
        KerberosRelevantAuthData relevantAuthData = new KerberosRelevantAuthData(token, keys);

        // 3. THEN
        assertNotNull(relevantAuthData, "The KerberosRelevantAuthData object should not be null.");

{* ../../docs_src/security/tutorial001_an_py39.py hl[8] *}

/// tip

Here `tokenUrl="token"` refers to a relative URL `token` that we haven't created yet. As it's a relative URL, it's equivalent to `./token`.

But it's signed. So, when you receive a token that you emitted, you can verify that you actually emitted it.

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

        // GIVEN an invalid token for AUTH_DATA_PAC
        byte[] invalidToken = "invalid-pac-token".getBytes();

        // WHEN parsing the auth data
        // THEN a PACDecodingException should be thrown
        assertThrows(PACDecodingException.class, () -> {
            KerberosAuthData.parse(KerberosConstants.AUTH_DATA_PAC, invalidToken, mockKeys);
        }, "Parsing an invalid PAC token should throw a PACDecodingException.");
    }

        source version-info-final-release/promote-projects/gradle/build/version-info.properties
        export WRAPPER_VERSION="$promotedVersion"
    elif [[ "$TRIGGERED_BY" == *"Release - Release Candidate"* ]]; then
        source version-info-release-candidate/promote-projects/gradle/build/version-info.properties
        export WRAPPER_VERSION="$promotedVersion"
    fi

    ./gradlew wrapper --gradle-version=$WRAPPER_VERSION 

## Prerequisites

Install Dex by following [Dex Getting Started Guide](https://dexidp.io/docs/getting-started/)

### Start Dex

```
~ ./bin/dex serve dex.yaml

Version: DEVELOPMENT.2023-02-05T05-17-27Z (go1.19.4 linux/amd64)

...
...
Object Lambda ARNs: arn:minio:s3-object-lambda::function:webhook

```

### Lambda Target with Auth Token

If your lambda target expects an authorization token then you can enable it per function target as follows

```

### Use cases: external service { #use-cases-external-service }

An example could be that you have an external authentication provider that you need to call.

You send it a token and it returns an authenticated user.

This provider might be charging you per request, and calling it might take some extra time than if you had a fixed mock user for tests.

if [[ "$AWS_REGION" == us-* ]]; then
  echo "For $AWS_REGION switching to user teamcityus access token"
  echo "##teamcity[setParameter name='env.DEVELOCITY_ACCESS_KEY' value='%ge.gradle.org.access.key.us%;%gbt-td.grdev.net.access.key%']"
fi

# READ-ONLY DEPENDENCY CACHE
if [ -d "/opt/gradle-cache" ]; then
  echo "##teamcity[setParameter name='env.GRADLE_RO_DEP_CACHE' value='/opt/gradle-cache']"