customTokenIdentity = "AssumeRoleWithCustomToken"
	assumeRole          = "AssumeRole"

	stsRequestBodyLimit = 10 * (1 << 20) // 10 MiB

	// JWT claim keys
	expClaim = "exp"
	subClaim = "sub"
	audClaim = "aud"
	issClaim = "iss"

	// JWT claim to check the parent user
	parentClaim = "parent"

	// LDAP claim keys
	ldapUser  = "ldapUser"     // this is a key name for a DN value

		manager, err := NewManager(ctx, ManagerOptions{
			Dialer: dialer.DialContext,
			Local:  host,
			Hosts:  hosts,
			AuthRequest: func(r *http.Request) error {
				return nil
			},
			AddAuth:      func(aud string) string { return aud },
			BlockConnect: ready,
		})
		if err != nil {
			return nil, err
		}
		m := mux.NewRouter()
		m.Handle(RoutePath, manager.Handler())
		res.Managers = append(res.Managers, manager)

		fn := authenticateNode
		b.ResetTimer()
		b.ReportAllocs()
		for i := 0; i < b.N; i++ {
			fn(creds.AccessKey, creds.SecretKey, "aud")
		}
	})
	b.Run("cached", func(b *testing.B) {
		fn := newCachedAuthToken()
		b.ResetTimer()
		b.ReportAllocs()
		for i := 0; i < b.N; i++ {
			fn("aud")
		}
	})

		if debugPrint {
			fmt.Printf("handler: Got Connect Req %+v\n", cReq)
		}
		writeErr(remote.handleIncoming(ctx, conn, cReq))
	}
}

// AuthFn should provide an authentication string for the given aud.
type AuthFn func(aud string) string

// Connection will return the connection for the specified host.
// If the host does not exist nil will be returned.
func (m *Manager) Connection(host string) *Connection {

func (c *Client) Close() {
	atomic.StoreInt32(&c.connected, closed)
}

// NewClient - returns new REST client.
func NewClient(uu *url.URL, tr http.RoundTripper, newAuthToken func(aud string) string) *Client {
	connected := int32(online)
	urlStr := uu.String()
	u, err := url.Parse(urlStr)
	if err != nil {
		// Mark offline, with no reconnection attempts.
		connected = int32(offline)