}
	} else {
		// Temporary credentials are not allowed.
		if ui.Credentials.IsTemp() {
			return nil, errAuthentication
		}
		if subtle.ConstantTimeCompare([]byte(ui.Credentials.SecretKey), pass) != 1 {
			return nil, errAuthentication
		}
	}

	copts := map[string]string{
		"AccessKey": ui.Credentials.AccessKey,
		"SecretKey": ui.Credentials.SecretKey,
	}
	if ui.Credentials.IsTemp() {

package main

// This programs mocks user interaction against Dex IDP and generates STS
// credentials. It is for MinIO testing purposes only.
//
// Run like:
//
// $ MINIO_ENDPOINT=http://localhost:9000 go run gen-oidc-sts-cred.go

import (
	"context"
	"fmt"
	"log"
	"net/http"
	"os"

	cr "github.com/minio/minio-go/v7/pkg/credentials"
	cmd "github.com/minio/minio/cmd"
)

func main() {
	ctx := context.Background()

import (
	"bytes"
	"testing"

	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/auth"
)

func TestDecryptData(t *testing.T) {
	cred1 := auth.Credentials{
		AccessKey: "minio",
		SecretKey: "minio123",
	}

	cred2 := auth.Credentials{
		AccessKey: "minio",
		SecretKey: "minio1234",
	}

	data := []byte(`config data`)
	edata1, err := madmin.EncryptData(cred1.String(), data)
	if err != nil {

import jcifs.CIFSContext;
import jcifs.Configuration;
import jcifs.Credentials;
import jcifs.SmbTransportPool;
import jcifs.internal.dfs.DfsReferralDataInternal;

class DfsImplTest {

    private DfsImpl dfsImpl;
    private CIFSContext mockContext;
    private Configuration mockConfig;
    private Credentials mockCredentials;
    private SmbTransportPool mockTransportPool;

    @BeforeEach

** Note **
Previously, site replication required the root credentials of peer sites to be identical. This is no longer necessary because STS tokens are now signed with the site replicator service account credentials, thus allowing flexibility in the independent management of root accounts across sites and the ability to disable root accounts eventually.

        @Override
        public CredentialsInternal renew() {
            // Returns itself as the renewed credentials
            return this;
        }
    }

    static class NewRenewingCreds extends BaseCreds {
        @Override
        public CredentialsInternal renew() {
            // Returns a distinct, new credentials instance
            return new NewRenewingCreds();
        }
    }

	}
	// validate if target credentials are ok
	exists, err := clnt.BucketExists(ctx, tgt.TargetBucket)
	if err != nil {
		switch minio.ToErrorResponse(err).Code {
		case "NoSuchBucket":
			return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket, Err: err}
		case "AccessDenied":
			return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, AccessKey: tgt.Credentials.AccessKey, Err: err}
		}

// request, including temporary credentials that can be used to make
// MinIO API requests.
type AssumeRoleResult struct {
	// The identifiers for the temporary security credentials that the operation
	// returns.
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.

        verify(mockDelegate).hasDefaultCredentials();
    }

    @Test
    void testWithCredentials() {
        // Test withCredentials(Credentials creds) method
        Credentials mockCredentials = mock(Credentials.class);
        CIFSContext mockNewContext = mock(CIFSContext.class);
        when(mockDelegate.withCredentials(mockCredentials)).thenReturn(mockNewContext);

⤴️ 👥 💪 ⚙️ `secrets.compare_digest()` 🚚 👈 `credentials.username` `"stanleyjobson"`, & 👈 `credentials.password` `"swordfish"`.

{* ../../docs_src/security/tutorial007.py hl[1,11:21] *}

👉 🔜 🎏:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```