if filterLifecycle(bucket, version.Name, version) {
					expired++
					stopFn(version.Size, errors.New("ILM expired object/version will be skipped"))
					continue
				}

				// any object with only single DEL marker we don't need
				// to rebalance, just skip it, this also includes
				// any other versions that have already expired.

		Description:    "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSClientGrantsExpiredToken: {
		Code:           "ExpiredToken",

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

	// TransitionVersionID stores a version ID of the object associate
	// with the remote tier.
	TransitionVersionID string `msg:"tv"`
	// ExpireRestored indicates that the restored object is to be expired.
	ExpireRestored bool `msg:"exp"`

	// DataDir of the file
	DataDir string `msg:"dd"`

	// Indicates if this object is still in V1 format.
	XLV1 bool `msg:"v1"`

		return ErrRequestNotReadyYet
	}

	if UTCNow().Sub(pSignValues.Date) > pSignValues.Expires {
		return ErrExpiredPresignRequest
	}

	// Save the date and expires.
	t := pSignValues.Date
	expireSeconds := int(pSignValues.Expires / time.Second)

	// Construct new query.
	query := make(url.Values)
	clntHashedPayload := req.Form.Get(xhttp.AmzContentSha256)

		}
	}
}

var decryptObjectMetaTests = []struct {
	info    ObjectInfo
	request *http.Request
	expErr  error
}{
	{
		info:    ObjectInfo{Size: 100},
		request: &http.Request{Header: http.Header{}},
		expErr:  nil,
	},
	{
		info:    ObjectInfo{Size: 100, UserDefined: map[string]string{crypto.MetaAlgorithm: crypto.InsecureSealAlgorithm}},

				}
				if !oauth2Token.Valid() {
					return nil, errors.New("invalid token")
				}

				return &credentials.WebIdentityToken{
					Token:  oauth2Token.Extra("id_token").(string),
					Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
				}, nil
			}
		}

		sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
		if err != nil {

	purgeStart := time.Now()

	// Purge expired STS credentials.

	// Scan STS users on disk and purge expired ones.
	stsAccountsFromStore := map[string]UserIdentity{}
	stsAccPoliciesFromStore := xsync.NewMapOf[string, MappedPolicy]()
	for _, item := range listedConfigItems[stsListKey] {
		userName := path.Dir(item)
		// loadUser() will delete expired user during the load.

                    throw new SmbException("Account '" + username + "' is locked out until " + account.getLockoutExpiry());
                } else {
                    // Lockout expired, reset
                    account.reset();
                }
            }
        }

        // Check per-IP limit
        if (sourceIp != null) {

   * Load cookies from the jar for an HTTP request to [url]. This method returns a possibly
   * empty list of cookies for the network request.
   *
   * Simple implementations will return the accepted cookies that have not yet expired and that
   * [match][Cookie.matches] [url].
   */
  fun loadForRequest(url: HttpUrl): List<Cookie>

  companion object {
    /** A cookie jar that never accepts any cookies. */
    @JvmField