import org.lastaflute.web.login.credential.LoginCredential;

/**
 * OpenID Connect credential implementation.
 */
public class OpenIdConnectCredential implements LoginCredential, FessCredential {

    private final Map<String, Object> attributes;

    /**
     * Creates a new OpenID Connect credential.
     *
     * @param attributes the attributes from OpenID Connect provider
     */

    protected static final String OIC_REDIRECT_URL = "oic.redirect.url";

    /** Configuration key for OpenID Connect token server URL. */
    protected static final String OIC_TOKEN_SERVER_URL = "oic.token.server.url";

    /** Configuration key for OpenID Connect client secret. */
    protected static final String OIC_CLIENT_SECRET = "oic.client.secret";

import com.nimbusds.jwt.JWTParser;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.openid.connect.sdk.AuthenticationErrorResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationResponseParser;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;

import jakarta.annotation.PostConstruct;

    }

    public void test_variousTokenTypes() {
        // Test with various common token types
        String[] tokenTypes = { "Bearer", "JWT", "OAuth", "OAuth2", "APIKey", "Session", "Basic", "Digest", "SAML", "OpenID" };

        for (String tokenType : tokenTypes) {
            String message = tokenType + " token is invalid";
            InvalidAccessTokenException exception = new InvalidAccessTokenException(tokenType, message);

        assertEquals(0, authenticators.length);
    }

    // Test getSsoType() with actual FessConfig
    public void test_getSsoType_withFessConfig() {
        final String expectedSsoType = "openid";
        FessConfig fessConfig = new FessConfig.SimpleImpl() {
            @Override
            public String getSsoType() {
                return expectedSsoType;
            }
        };

- The alpha feature `ServiceAccountIssuerDiscovery` enables publishing OIDC discovery information and service account token verification keys at `/.well-known/openid-configuration` and `/openid/v1/jwks` endpoints by API servers configured to issue service account tokens. ([#80724](https://github.com/kubernetes/kubernetes/pull/80724), [@cceckman](https://github.com/cceckman)) [SIG API Machinery, Auth, Cluster Lifecycle and Testing]...

* kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. ([#58544](https://github.com/kubernetes/kubernetes/pull/58544), [@ericchiang](https://github.com/ericchiang))

* Laid the groundwork for OIDC distributed claims handling in the apiserver authentication token checker. A distributed claim allows the OIDC provider to delegate a claim to a separate URL. ([ref](http://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims)). ([#63213](https://github.com/kubernetes/kubernetes/pull/63213), [@filmil](https://github.com/filmil))

 *       returned stream is closed.
 *   <li><b>Convenience methods:</b> These are implementations of common operations that are
 *       typically implemented by opening a stream using one of the methods in the first category,
 *       doing something and finally closing the stream or channel that was opened.
 * </ul>
 *
 * @since 14.0
 * @author Colin Decker
 */
@J2ktIncompatible
@GwtIncompatible
public abstract class ByteSink {

 *       returned stream is closed.
 *   <li><b>Convenience methods:</b> These are implementations of common operations that are
 *       typically implemented by opening a stream using one of the methods in the first category,
 *       doing something and finally closing the stream or channel that was opened.
 * </ul>
 *
 * @since 14.0
 * @author Colin Decker
 */
@J2ktIncompatible
@GwtIncompatible
public abstract class ByteSink {