}

    /**
     * Adds a search log to the queue.
     *
     * @param params The search request parameters.
     * @param requestedTime The time the search was requested.
     * @param queryId The ID of the search query.
     * @param query The search query.
     * @param pageStart The starting page number.
     * @param pageSize The size of the page.

export MINIO_IDENTITY_OPENID_CONFIG_URL=https://accounts.google.com/.well-known/openid-configuration
export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
# Optional: Allow to specify the requested OpenID scopes (OpenID only requires the `openid` scope)
#export MINIO_IDENTITY_OPENID_SCOPES="openid,profile,email"
minio server /mnt/export
```

or using `mc`

```

     *
     * SPNEGO authentication typically doesn't require special response handling
     * for metadata or logout operations, so this method returns null.
     *
     * @param responseType The type of SSO response requested
     * @return Always returns null for SPNEGO authentication
     */
    @Override
    public ActionResponse getResponse(final SsoResponseType responseType) {
        return null;
    }

    /**

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

For active-active replication, automatic failover occurs on `GET/HEAD` operations if object or object version requested qualifies for replication and is missing on one site, but present on the other. This allows the applications to take full advantage of two-way replication even before the two sites get fully synced.

		writeErrorResponseHeadersOnly(w, toAPIError(ctx, err))
		return
	}

	// s3zip does not allow ranges.
	w.Header().Del(xhttp.AcceptRanges)

	// Set any additional requested response headers.
	setHeadGetRespHeaders(w, r.Form)

	// Successful response.
	w.WriteHeader(http.StatusOK)
}

	cred := globalActiveCred
	if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
		t.Fatalf("Unable to initialized new signed http request %s", err)
	}
	return req
}

// Tests is requested authenticated function, tests replies for s3 errors.
func TestIsReqAuthenticated(t *testing.T) {
	ctx, cancel := context.WithCancel(GlobalContext)
	defer cancel()

	objLayer, fsDir, err := prepareFS(ctx)

            return lastAccessTime;
        }
    }

    /**
     * Request a lease for a file path
     *
     * @param path file path
     * @param requestedState requested lease state
     * @return lease key for the request
     */
    public Smb2LeaseKey requestLease(String path, int requestedState) {
        lock.writeLock().lock();
        try {

	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	userDN := r.Form.Get("userDN")

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,

// The above means that any added/deleted fields are incompatible.
// Make sure to bump the internode version at storage-rest-common.go
type RawFileInfo struct {
	// Content of entire xl.meta (may contain data depending on what was requested by the caller.
	Buf []byte `msg:"b,allownil"`
}

// FileInfo - represents file stat information.
// The above means that any added/deleted fields are incompatible.