Harshavardhana <******@****.***> 1705561397 -0800

            headers['authorization'] = urllib3.make_headers(
                basic_auth='%s:%s' % (self.cid, self.csec))['authorization']

            response = self._http.urlopen('POST', self.idp_ep,
                                          body="grant_type=client_credentials",
                                          headers=headers,
                                          preload_content=True,

Fixes that are allowed a backport must satisfy any of the following criteria's:

- A fix must not be a feature, for example.

```
commit faf013ec84051b92ae0f420a658b8d35bb7bb000
Author: Klaus Post <******@****.***>
Date:   Thu Nov 18 12:15:22 2021 -0800

    Improve performance on multiple versions (#13573)
```

- A fix must be a valid fix that was reproduced and seen in a customer environment, for example.

	// the subnet license renewal api renews the license only
	// if required e.g. when it is expiring soon
	url := globalSubnetConfig.BaseURL + licRenewPath

	resp, err := globalSubnetConfig.Post(url, nil)
	if err != nil {
		subnetLogIf(ctx, fmt.Errorf("error from %s: %w", url, err))
		return
	}

	r := gjson.Parse(resp).Get("license_v2")
	if r.Index == 0 {

exemptAssignees: false

# Label to use when marking as stale
staleLabel: stale

# Comment to post when marking as stale. Set to `false` to disable
markComment: >-
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed after 15 days if no further activity
  occurs. Thank you for your contributions.
# Comment to post when removing the stale label.
# unmarkComment: >
#   Your comment here.

				t.Errorf("Expected success but failed with %s", err)
			}
			if !testCase.success && err == nil {
				t.Errorf("Expected failed but succeeded")
			}
		})
	}
}

// Test Post Policy parsing and checking conditions
func TestPostPolicyForm(t *testing.T) {
	pp := minio.NewPostPolicy()
	pp.SetBucket("testbucket")
	pp.SetContentType("image/jpeg")
	pp.SetUserMetadata("uuid", "14365123651274")

## REST API call to plugin

To verify the custom token presented in the `AssumeRoleWithCustomToken` API, MinIO makes a POST request to the configured identity management plugin endpoint and expects a response with some details as shown below:

### Request `POST` to plugin endpoint

Query parameters:

| Parameter Name | Value Type | Purpose                                                                 |

}

func implicitFlowURL(c oauth2.Config, state string) string {
	var buf bytes.Buffer
	buf.WriteString(c.Endpoint.AuthURL)
	v := url.Values{
		"response_type": {"id_token"},
		"response_mode": {"form_post"},
		"client_id":     {c.ClientID},
	}
	if c.RedirectURL != "" {
		v.Set("redirect_uri", c.RedirectURL)
	}
	if len(c.Scopes) > 0 {
		v.Set("scope", strings.Join(c.Scopes, " "))
	}

		{ObjectCreatedAll, "s3:ObjectCreated:*"},
		{ObjectCreatedCompleteMultipartUpload, "s3:ObjectCreated:CompleteMultipartUpload"},
		{ObjectCreatedCopy, "s3:ObjectCreated:Copy"},
		{ObjectCreatedPost, "s3:ObjectCreated:Post"},
		{ObjectCreatedPut, "s3:ObjectCreated:Put"},
		{ObjectRemovedAll, "s3:ObjectRemoved:*"},
		{ObjectRemovedDelete, "s3:ObjectRemoved:Delete"},
		{ObjectRemovedDeleteAllVersions, "s3:ObjectRemoved:DeleteAllVersions"},

	reqQueries := r.Form
	// find whether "host" is part of list of signed headers.
	// if not return ErrUnsignedHeaders. "host" is mandatory.
	if !slices.Contains(signedHeaders, "host") {
		return nil, ErrUnsignedHeaders
	}
	extractedSignedHeaders := make(http.Header)
	for _, header := range signedHeaders {
		// `host` will not be found in the headers, can be found in r.Host.