```console
$ npm run generate-client

frontend-app@1.0.0 generate-client /home/user/code/frontend-app
> openapi-ts --input http://localhost:8000/openapi.json --output ./src/client --client axios
```

</div>

That command will generate code in `./src/client` and will use `axios` (the frontend HTTP library) internally.

### Try Out the Client Code

func (n *NetworkError) Unwrap() error {
	return n.Err
}

// Client - http based RPC client.
type Client struct {
	connected int32 // ref: https://golang.org/pkg/sync/atomic/#pkg-note-BUG
	_         int32 // For 64 bits alignment
	lastConn  int64

	// HealthCheckFn is the function set to test for health.
	// If not set the client will not keep track of health.
	// Calling this returns true or false if the target

}

func (client *storageRESTClient) IsLocal() bool {
	return false
}

func (client *storageRESTClient) Hostname() string {
	return client.endpoint.Host
}

func (client *storageRESTClient) Endpoint() Endpoint {
	return client.endpoint
}

func (client *storageRESTClient) Healing() *healingTracker {
	// This call is not implemented for remote client on purpose.

	makeSTSClient := func(user, password string) *minio.Client {
		// Generate web identity JWT by interacting with OpenID IDP.
		token, err := MockOpenIDTestUserInteraction(ctx, clientApp, user, password)
		if err != nil {
			c.Fatalf("mock user err: %v", err)
		}

		// Generate STS credential.
		webID := cr.STSWebIdentity{
			Client:      s.TestSuiteCommon.client,
			STSEndpoint: s.endPoint,

    )

  val orderBy = okhttp.enabled + chrome80.enabled + safari12Osx.enabled + rest(clients)
  val survey = CipherSuiteSurvey(clients = clients, ianaSuites = ianaSuitesNew, orderBy = orderBy)

  survey.printGoogleSheet()
}

fun rest(clients: List<Client>): List<SuiteId> {
  // combine all ciphers to get these near the top
  return clients.flatMap { it.enabled }

        .build(),
    )
    val client1 =
      client.newBuilder()
        .readTimeout(Duration.ofSeconds(2))
        .build()
    val call1 =
      client1
        .newCall(
          Request.Builder()
            .url(server.url("/"))
            .build(),
        )
    val client2 =
      client.newBuilder()
        .readTimeout(Duration.ofMillis(200))
        .build()

	writeSuccessResponseXML(w, encodedSuccessResponse)
}

// AssumeRoleWithCertificate implements user authentication with client certificates.
// It verifies the client-provided X.509 certificate, maps the certificate to an S3 policy
// and returns temp. S3 credentials to the client.
//
// API endpoint: https://minio:9000?Action=AssumeRoleWithCertificate&Version=2011-06-15

            - name: MINIO_IDENTITY_OPENID_CLIENT_ID
            {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.oidc.existingClientSecretName }}
                  key: {{ .Values.oidc.existingClientIdKey }}
            {{- else }}
              value: {{ .Values.oidc.clientId }}
            {{- end }}

Additionally, using the redirection mechanism reduces the need for clients to know the destination's ztunnel address.

Below shows an example outbound request. The "target" path is what the client sends, while the "actual" path is the real network flow after redirection.

```mermaid
graph LR
    subgraph Client Node
        Client
        CZ["Ztunnel"]
    end
    subgraph Server Node
        Server

oidc:
  enabled: false
  configUrl: "https://identity-provider-url/.well-known/openid-configuration"
  clientId: "minio"
  clientSecret: ""
  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret``
  existingClientSecretName: ""
  existingClientIdKey: ""
  existingClientSecretKey: ""
  claimName: "policy"