`AssumeRoleWithCustomToken` STS API extension. A user or application can now present a token to the `AssumeRoleWithCustomToken` API, and MinIO verifies this token by sending it to the Identity Management Plugin webhook. This plugin responds with some information and MinIO is able to generate temporary STS credentials to interact with object storage.

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT:...

    }

    /**
     * Test parsing of {@link KerberosConstants#AUTH_DATA_PAC} with an invalid token.
     * Expects a {@link PACDecodingException} to be thrown.
     */
    @Test
    void testParseAuthDataPacWithInvalidToken() {
        // GIVEN an invalid token for AUTH_DATA_PAC
        byte[] invalidToken = "invalid-pac-token".getBytes();

        // WHEN parsing the auth data
        // THEN a PACDecodingException should be thrown

		},
	},
}

func mainHandler(w http.ResponseWriter, r *http.Request) {
	token := r.FormValue("token")
	if token == "" {
		writeErrorResponse(w, errors.New("token parameter not given"))
		return
	}

	rsp, ok := tokens[token]
	if !ok {
		w.WriteHeader(http.StatusForbidden)
		return
	}

	fmt.Printf("Allowed for token: %s user: %s\n", token, rsp.User)

	w.WriteHeader(http.StatusOK)
	json.NewEncoder(w).Encode(rsp)

					s.token = token
					s.done = true
					// When token is not nil, it means the scanning stops
					// with a trailing token, and thus the return value
					// should be true to indicate the existence of the token.
					return token != nil
				}
				s.setErr(err)
				return false
			}
			if !s.advance(advance) {
				return false
			}
			s.token = token
			if token != nil {

        super();
    }

    /**
     * The unique identifier of the access token being edited.
     * This is a required field for identifying which token to update.
     */
    @Required
    @Size(max = 1000)
    public String id;

    /**
     * The username of the user who last updated this access token.
     * Used for audit trail purposes to track who made changes.
     */
    @Size(max = 1000)

        this.offset = offset;
        this.token = token;
        this.length = length;
    }

    /**
     * Get buffer offset
     *
     * @return offset within registered buffer
     */
    public long getOffset() {
        return offset;
    }

    /**
     * Get RDMA token
     *
     * @return RDMA provider token
     */
    public int getToken() {
        return token;

    private static SpnegoToken getToken(final byte[] token, final int off, final int len) throws SpnegoException {
        byte[] b = new byte[len];
        if (off == 0 && token.length == len) {
            b = token;
        } else {
            System.arraycopy(token, off, b, 0, len);
        }
        return getToken(b);
    }

    private static SpnegoToken getToken(final byte[] token) throws SpnegoException {

        SMBUtil.writeInt2(this.token != null ? this.token.length : 0, dst, dstIndex);
        dstIndex += 2;
        SMBUtil.writeInt8(this.previousSessionId, dst, dstIndex);
        dstIndex += 8;
        SMBUtil.writeInt2(dstIndex - getHeaderStart(), dst, offsetOffset);

        dstIndex += pad8(dstIndex);

        if (this.token != null) {
            System.arraycopy(this.token, 0, dst, dstIndex, this.token.length);

	// This is traditionally the client identifier issued to the application that
	// requested the client grants.
	Audience string `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.
	//
	// Note: The size of the security token that STS APIs return is not fixed. We

 * com.google.guava:listenablefuture:1.0 artifact. (For more on that artifact, see
 * https://github.com/google/guava/releases/tag/v27.0) This means that the copy of ListenableFuture
 * in com.google.guava:guava differs from the "frozen" copy in the listenablefuture artifact. This
 * could in principle cause problems for some users. Still, we expect that the benefits of the