user2 = &user.DefaultInfo{Name: "elegant_sheep", UID: "bravo"}
)

func (mock *mockAuthRequestHandler) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
	return &authenticator.Response{User: mock.returnUser}, mock.isAuthenticated, mock.err
}

func TestAuthenticateTokenSecondPasses(t *testing.T) {
	handler1 := &mockAuthRequestHandler{returnUser: user1}

	authorizationLatency.WithContext(ctx).WithLabelValues(resultLabel).Observe(authFinish.Sub(authStart).Seconds())
}

func recordAuthenticationMetrics(ctx context.Context, resp *authenticator.Response, ok bool, err error, apiAudiences authenticator.Audiences, authStart time.Time, authFinish time.Time) {
	var resultLabel string

	switch {
	case err != nil || (resp != nil && !audiencesAreAcceptable(apiAudiences, resp.Audiences)):

      MockResponse(body = "c"),
    )
    val authenticator =
      RecordingOkAuthenticator(
        basic("jesse", "peanutbutter"),
        "Basic",
      )
    client =
      client.newBuilder()
        .authenticator(authenticator)
        .build()
    assertContent("c", getResponse(newRequest("/a")))
    val challengeResponse = authenticator.responses[0]

    val hostnameVerifier: HostnameVerifier? = address.hostnameVerifier
    val certificatePinner: CertificatePinner? = address.certificatePinner
  }

  @Test
  fun authenticator() {
    var authenticator: Authenticator = Authenticator { route, response -> TODO() }
  }

  @Test
  fun cache() {
    val cache = Cache(File("/cache/"), Integer.MAX_VALUE.toLong())
    cache.initialize()
    cache.delete()

	// verifier, or until context canceled.
	initFn := func(ctx context.Context) (done bool, err error) {
		klog.V(4).Infof("oidc authenticator: attempting init: iss=%v", iss)
		v, err := initVerifier(ctx, c, iss, audiences)
		if err != nil {
			klog.Errorf("oidc authenticator: async token verifier for issuer: %q: %v", iss, err)
			return false, nil
		}
		t.m.Lock()
		defer t.m.Unlock()
		t.v = v
		close(sync)

	defer server.Close()

	// Create a JWT authenticator
	jwtRuleStr := `{"issuer": "` + server.URL + `", "jwks_uri": "` + server.URL + `", "audiences": ["baz.svc.id.goog"]}`
	jwtRule := v1beta1.JWTRule{}
	err = json.Unmarshal([]byte(jwtRuleStr), &jwtRule)
	if err != nil {
		t.Fatalf("failed at unmarshal jwt rule")
	}

If the response issues an authorization challenge, OkHttp will ask the [`Authenticator`](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) (if one is configured) to satisfy the challenge. If the authenticator supplies a credential, the request is retried with that credential included.

## Retrying Requests

    private String url;
    private SmbAuthException sae;

    private void reset() {
        url = null;
        sae = null;
    }

/**
Set the default <tt>NtlmAuthenticator</tt>. Once the default authenticator is set it cannot be changed. Calling this metho again will have no effect.
 */

    public synchronized static void setDefault( NtlmAuthenticator a ) {
        if( auth != null ) {
            return;
        }

		authenticatorConfig.CustomDial = egressDialer
	}

	// var openAPIV3SecuritySchemes spec3.SecuritySchemes
	authenticator, updateAuthenticationConfig, openAPIV2SecurityDefinitions, openAPIV3SecuritySchemes, err := authenticatorConfig.New(ctx)
	if err != nil {
		return err
	}
	authInfo.Authenticator = authenticator

	if len(o.AuthenticationConfigFile) > 0 {
		authenticationconfigmetrics.RegisterMetrics()

    val hostnameVerifier: HostnameVerifier = client.hostnameVerifier()
    val certificatePinner: CertificatePinner = client.certificatePinner()
    val proxyAuthenticator: Authenticator = client.proxyAuthenticator()
    val authenticator: Authenticator = client.authenticator()
    val connectionPool: ConnectionPool = client.connectionPool()
    val dns: Dns = client.dns()
    val followSslRedirects: Boolean = client.followSslRedirects()