Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

public class NtlmNtHashAuthenticator extends NtlmPasswordAuthenticator {

    private static final long serialVersionUID = 4328214169536360351L;
    private final byte[] ntHash;


    /**
     * Create username/password credentials with specified domain
     * 
     * @param domain
     * @param username
     * @param passwordHash
     *            NT password hash
     */

    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


@needs_py310
def test_incorrect_token_type(client: TestClient):
    response = client.get(

    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Could not validate credentials"}
    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


@needs_py39
def test_incorrect_token_type(client: TestClient):
    response = client.get(

	// Get credential.
	credentials := globalActiveCred
	if !globalReplicationPool.IsSet() {
		globalReplicationPool.Set(nil)
	}
	testServer.Obj = objLayer
	testServer.rawDiskPaths = disks
	testServer.Disks = mustGetPoolEndpoints(0, disks...)
	testServer.AccessKey = credentials.AccessKey
	testServer.SecretKey = credentials.SecretKey

## Wildcards

It's also possible to declare the list as `"*"` (a "wildcard") to say that all are allowed.

But that will only allow certain types of communication, excluding everything that involves credentials: Cookies, Authorization headers like those used with Bearer Tokens, etc.

So, for everything to work correctly, it's better to specify explicitly the allowed origins.

## Use `CORSMiddleware`

            {{- if .Values.etcd.clientCert }}
            - name: MINIO_ETCD_CLIENT_CERT
              value: "/tmp/credentials/etcd_client_cert.pem"
            {{- end }}
            {{- if .Values.etcd.clientCertKey }}
            - name: MINIO_ETCD_CLIENT_CERT_KEY
              value: "/tmp/credentials/etcd_client_cert_key.pem"
            {{- end }}
            {{- if .Values.etcd.pathPrefix }}

        System.arraycopy(clientChallenge, 0, response, 16, 8);
        return response;
    }


    /**
     * Generate the Unicode MD4 hash for the password associated with these credentials.
     * 
     * @param password
     * @param challenge
     * @return the calculated response
     * @throws GeneralSecurityException
     */

              .endpoint("https://play.min.io")
              .credentials("Q3AM3UQ867SPQQA43P2F", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG")
              .build();

      /* Amazon S3: */
      // MinioClient minioClient =
      //     MinioClient.builder()
      //         .endpoint("https://s3.amazonaws.com")
      //         .credentials("YOUR-ACCESSKEY", "YOUR-SECRETACCESSKEY")
      //         .build();

}

func (c *check) mustCreateIAMUser(ctx context.Context, admClnt *madmin.AdminClient) madmin.Credentials {
	c.Helper()
	randUser := mustGetUUID()
	randPass := mustGetUUID()
	err := admClnt.AddUser(ctx, randUser, randPass)
	if err != nil {
		c.Fatalf("should be able to create a user: %v", err)
	}
	return madmin.Credentials{
		AccessKey: randUser,
		SecretKey: randPass,
	}
}