mij
uit
der
daar
haar
naar
heb
hoe
heeft
hebben
deze
u
want
nog
zal
me
zij
nu
ge
geen
omdat
iets
worden
toch
al
waren
veel
meer
doen
toen
moet
ben
zonder
kan
hun
dus
alles
onder
ja
eens
hier
wie
werd
altijd
doch
wordt
wezen
kunnen
ons
zelf
tegen
na
reeds
wil
kon
niets
uw

"zich", "bij", "ook", "tot", "je", "mij", "uit", "der", "daar", "haar", "naar", "heb", "hoe", "heeft", "hebben", "deze", "u", "want", "nog", "zal", "me", "zij", "nu", "ge", "geen", "omdat", "iets", "worden", "toch", "al", "waren", "veel", "meer", "doen", "toen", "moet", "ben", "zonder", "kan", "hun", "dus", "alles", "onder", "ja", "eens", "hier", "wie", "werd", "altijd", "doch", "wordt", "wezen", "kunnen", "ons", "zelf", "tegen", "na", "reeds", "wil", "kon", "niets", "uw", "iemand", "geweest", "andere"]...

"zich", "bij", "ook", "tot", "je", "mij", "uit", "der", "daar", "haar", "naar", "heb", "hoe", "heeft", "hebben", "deze", "u", "want", "nog", "zal", "me", "zij", "nu", "ge", "geen", "omdat", "iets", "worden", "toch", "al", "waren", "veel", "meer", "doen", "toen", "moet", "ben", "zonder", "kan", "hun", "dus", "alles", "onder", "ja", "eens", "hier", "wie", "werd", "altijd", "doch", "wordt", "wezen", "kunnen", "ons", "zelf", "tegen", "na", "reeds", "wil", "kon", "niets", "uw", "iemand", "geweest", "andere"]...

	"net/url"
	"time"

	"github.com/minio/minio-go/v7"
	cr "github.com/minio/minio-go/v7/pkg/credentials"
)

var (
	// LDAP integrated Minio endpoint
	stsEndpoint string

	// token to use with AssumeRoleWithCustomToken
	token string

	// Role ARN to use
	roleArn string

	// Display credentials flag
	displayCreds bool

	// Credential expiry duration
	expiryDuration time.Duration

	// Bucket to list

| Version         | String  | Yes      | Value must be `2011-06-15`                                           |
| Token           | String  | Yes      | Token to be authenticated by identity plugin                         |
| RoleArn         | String  | Yes      | Must match the Role ARN generated for the identity plugin            |

        // Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

        authVector.add(new DERSequence(elementVector));

        byte[] token = new DERSequence(authVector).getEncoded();
        Map<Integer, KerberosKey> keys = new HashMap<>();

        // 2. WHEN
        KerberosRelevantAuthData relevantAuthData = new KerberosRelevantAuthData(token, keys);

        // 3. THEN
        assertNotNull(relevantAuthData, "The KerberosRelevantAuthData object should not be null.");

But it's signed. So, when you receive a token that you emitted, you can verify that you actually emitted it.

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

        // GIVEN an invalid token for AUTH_DATA_PAC
        byte[] invalidToken = "invalid-pac-token".getBytes();

        // WHEN parsing the auth data
        // THEN a PACDecodingException should be thrown
        assertThrows(PACDecodingException.class, () -> {
            KerberosAuthData.parse(KerberosConstants.AUTH_DATA_PAC, invalidToken, mockKeys);
        }, "Parsing an invalid PAC token should throw a PACDecodingException.");
    }

{* ../../docs_src/security/tutorial001_an_py39.py hl[8] *}

/// tip

Here `tokenUrl="token"` refers to a relative URL `token` that we haven't created yet. As it's a relative URL, it's equivalent to `./token`.