if err != nil {
		if xnet.IsNetworkOrHostDown(err, false) {
			return false, errNotConnected
		}
		return false, err
	}
	tokens := strings.Fields(target.args.AuthToken)
	switch len(tokens) {
	case 2:
		req.Header.Set("Authorization", target.args.AuthToken)
	case 1:
		req.Header.Set("Authorization", "Bearer "+target.args.AuthToken)
	}

	Aud []string `json:"aud"`

	// Exp is not currently used - we don't use the token for authn, just to determine k8s settings
	Exp int `json:"exp"`

	// Issuer - configured by K8S admin for projected tokens. Will be used to verify all tokens.
	Iss string `json:"iss"`

	Sub string `json:"sub"`
}

func (j JwtAuthenticator) AuthenticatorType() string {
	return IDTokenAuthenticatorType

}

type Resp struct {
	User               string                 `json:"user"`
	MaxValiditySeconds int                    `json:"maxValiditySeconds"`
	Claims             map[string]interface{} `json:"claims"`
}

var tokens map[string]Resp = map[string]Resp{
	"aaa": {
		User:               "Alice",
		MaxValiditySeconds: 3600,
		Claims: map[string]interface{}{
			"groups": []string{"data-science"},
		},
	},
	"bbb": {

			if off != len(input) && input[off] != '\n' {
				t.Errorf("scanning <<%s>>, got SEMICOLON at offset %d, want newline or EOF", input, off)
			}
		}
		lit = tok.String() // "\n" => ";"
		tokens = append(tokens, lit)
	}
	if got := strings.Join(tokens, " "); got != want {
		t.Errorf("scanning <<%s>>, got [%s], want [%s]", input, got, want)
	}
}

var semicolonTests = [...]struct{ input, want string }{
	{"", ""},

!!! tip
    In the next chapter, you will see a real secure implementation, with password hashing and <abbr title="JSON Web Tokens">JWT</abbr> tokens.

    But for now, let's focus on the specific details we need.

=== "Python 3.10+"

    ```Python hl_lines="87"
    {!> ../../../docs_src/security/tutorial003_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="87"

			t.Fatalf("failed to decode output: %v", err)
		}
		if len(tokens) == 0 {
			t.Fatalf("unexpected token: %#v", tok)
		}
		a, b := tokens[0], tok
		if !reflect.DeepEqual(a, b) {
			t.Fatalf("token mismatch: %#v vs %#v", a, b)
		}
		tokens = tokens[1:]
	}
	if len(tokens) > 0 {
		t.Fatalf("lost tokens: %#v", tokens)
	}
}

func TestRoundTrip(t *testing.T) {

apiVersion: release-notes/v2
kind: feature
area: security
issue:
  - 49913
releaseNotes:
- |

			sigs[tokenID] = value
			delete(newCM.Data, key)
		}
	}

	// Now recompute signatures and store them on the new map
	tokens := e.getTokens(ctx)
	for tokenID, tokenValue := range tokens {
		sig, err := jws.ComputeDetachedSignature(content, tokenID, tokenValue)
		if err != nil {
			utilruntime.HandleError(err)
		}

            {{ if .sts }}
              "sts_service": {
                "token_exchange_service_uri": "http://localhost:{{ .sts_port }}/token",
                "subject_token_path": "./var/run/secrets/tokens/istio-token",
                "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
                "scope": "https://www.googleapis.com/auth/cloud-platform"
              }
            {{ else }}

==============================================================================*/

// Generated by the tf_library build rule.  DO NOT EDIT!
//
// This file contains a test and benchmark for the function generated by
// tfcompile.  All tokens of the form `{{TFCOMPILE_*}}` must be rewritten to
// real values before this file can be compiled.
//
//    TFCOMPILE_HEADER    : Path to the header file generated by tfcompile.