// Authentication Type Constants
    // ============================================================

    /** Basic authentication type identifier. */
    public static final String BASIC = "BASIC";

    /** Digest authentication type identifier. */
    public static final String DIGEST = "DIGEST";

    /** NTLM authentication type identifier. */

 * </p>
 * <ul>
 *   <li>{@code S3_ENDPOINT}: The endpoint URL of the S3 service.</li>
 *   <li>{@code S3_ACCESS_KEY}: The access key for authentication.</li>
 *   <li>{@code S3_SECRET_KEY}: The secret key for authentication.</li>
 *   <li>{@code S3_REGION}: The region of the S3 service (default: us-east-1).</li>
 * </ul>
 *
 * <p>

 */

package jcifs.smb1.https;

/**
 * A <code>URLStreamHandler</code> used to provide NTLM authentication
 * capabilities to the default HTTPS handler.  This acts as a wrapper,
 * handling authentication and passing control to the underlying
 * stream handler.
 */
public class Handler extends jcifs.smb1.http.Handler {

    /**

 */
package org.codelibs.fess.exception;

/**
 * Exception thrown when SSO (Single Sign-On) login operations fail.
 *
 * This exception is used to indicate various SSO authentication failures
 * including configuration errors, authentication token validation failures,
 * communication issues with SSO providers, and other SSO-related problems.
 */
public class SsoLoginException extends FessSystemException {

import jcifs.smb1.ntlmssp.Type3Message;
import jcifs.smb1.util.Base64;

/**
 * Wraps an <code>HttpURLConnection</code> to provide NTLM authentication
 * services.
 *
 * Please read <a href="../../../httpclient.html">Using jCIFS NTLM Authentication for HTTP Connections</a>.
 */
public class NtlmHttpURLConnection extends HttpURLConnection {

    /** Whether to send NTLM target name during authentication */
    protected boolean sendNTLMTargetName = true;
    private byte[] machineId;
    /** Username for guest authentication */
    protected String guestUsername = "GUEST";
    /** Password for guest authentication */
    protected String guestPassword = "";
    /** Whether to allow fallback to guest authentication */
    protected boolean allowGuestFallback = false;

 * </p>
 * <ul>
 *   <li>{@code STORAGE_ENDPOINT}: The endpoint URL of the MinIO service.</li>
 *   <li>{@code STORAGE_ACCESS_KEY}: The access key for authentication.</li>
 *   <li>{@code STORAGE_SECRET_KEY}: The secret key for authentication.</li>
 *   <li>{@code STORAGE_REGION}: The region of the MinIO service.</li>
 * </ul>
 *
 * <p>

        // Verify
        assertNotNull(result, "Authentication result should not be null");
        assertEquals("DOMAIN", result.getUserDomain());
        assertEquals("user", result.getUsername());
        // Cannot verify challenge and responses as they are not exposed in the API

        // Verify that the response is not modified for a successful authentication

        assertThrows(IllegalStateException.class, () -> closedAuth.getPasswordAsCharArray());
    }

    /**
     * Test authentication TTL (Time To Live)
     */
    @Test
    @DisplayName("Test authentication TTL expiration")
    public void testAuthenticationTTL() throws InterruptedException {
        NtlmPasswordAuthenticator auth = new NtlmPasswordAuthenticator("user", "TTLTestPass123!");

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.

OAuth2 was designed so that the backend or API could be independent of the server that authenticates the user.

But in this case, the same **FastAPI** application will handle the API and the authentication.

So, let's review it from that simplified point of view: