## API Request Parameters

### WebIdentityToken

The OAuth 2.0 id_token that is provided by the web identity provider. Application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

| Params               | Value                                          |

    # we can now use the id_token as much as we want to access protected resources.
    tokens = json.loads(id_token_response.text)
    id_token = tokens['id_token']

    response = sts_client.assume_role_with_web_identity(
        RoleArn='arn:aws:iam::123456789012:user/svc-internal-api',
        RoleSessionName='test',
        WebIdentityToken=id_token,
        DurationSeconds=3600
    )

    s3_resource = boto3.resource('s3',

jiuker <******@****.***> 1684487613 +0800

brew uninstall minio
brew install minio/stable/minio
```

The MinIO deployment starts using default root credentials `minioadmin:minioadmin`. You can test the deployment using the MinIO Console, an embedded web-based object browser built into MinIO Server. Point a web browser running on the host machine to <http://127.0.0.1:9000> and log in with the root credentials. You can use the Browser to create buckets, upload objects, and browse the contents of the MinIO server.

| [**WebIdentity**](https://github.com/minio/minio/blob/master/docs/sts/web-identity.md) | Let users request temporary credentials using any OpenID(OIDC) compatible web identity providers such as KeyCloak, Dex, Facebook, Google etc. |

#
# See the storage document at Documentation/storage.md for further information.
storage:
  type: sqlite3
  config:
    file: examples/dex.db

# Configuration for the HTTP endpoints.
web:
  http: 0.0.0.0:5556
  # Uncomment for HTTPS options.
  # https: 127.0.0.1:5554
  # tlsCert: /etc/dex/tls.crt
  # tlsKey: /etc/dex/tls.key

  # Configuration for telemetry
  telemetry:
    http: 0.0.0.0:5558

```
~ export MINIO_IDENTITY_OPENID_CLAIM_NAME=name
~ export MINIO_IDENTITY_OPENID_CONFIG_URL=http://127.0.0.1:5556/dex/.well-known/openid-configuration
~ minio server ~/test
```

### Run the `web-identity.go`

```
~ go run web-identity.go -cid example-app -csec ZXhhbXBsZS1hcHAtc2VjcmV0 \
     -config-ep http://127.0.0.1:5556/dex/.well-known/openid-configuration \
     -cscopes groups,openid,email,profile
```

```

```yaml
route:
  group_by: ['alertname']
  group_wait: 30s
  group_interval: 5m
  repeat_interval: 1h
  receiver: 'web.hook'
receivers:
  - name: 'web.hook'
    webhook_configs:
      - url: 'http://127.0.0.1:8010/webhook'
inhibit_rules:
  - source_match:
      severity: 'critical'
    target_match:
      severity: 'warning'

      openid2:
        image: quay.io/minio/dex
        ports:
          - "5557:5557"
        env:
          DEX_LDAP_SERVER: "openldap:389"
          DEX_ISSUER: "http://127.0.0.1:5557/dex"
          DEX_WEB_HTTP: "0.0.0.0:5557"

    strategy:
      # When ldap, etcd or openid vars are empty below, those external servers
      # are turned off - i.e. if ldap="", then ldap server is not enabled for
      # the tests.

docker-compose.exe up
```

or

```sh
docker stack deploy --compose-file docker-compose.yaml minio
```

Distributed instances are now accessible on the host using the Minio CLI on port 9000 and the Minio Web Console on port 9001. Proceed to access the Web browser at <http://127.0.0.1:9001/>. Here 4 MinIO server instances are reverse proxied through Nginx load balancing.

### Notes