if u.Credentials.Status == auth.AccountOff {
					return nil, errAccessKeyDisabled
				}
				return nil, errInvalidAccessKeyID
			}
			cred := u.Credentials
			// Expired credentials return error.
			if cred.IsTemp() && cred.IsExpired() {
				return nil, errInvalidAccessKeyID
			}
			return []byte(cred.SecretKey), nil
		} // this means claims.AccessKey == rootAccessKey

		ACB_WSTRUST                = 0x00000080, /* 1 = Workstation trust account */
		ACB_SVRTRUST               = 0x00000100, /* 1 = Server trust account */
		ACB_PWNOEXP                = 0x00000200, /* 1 = User password does not expire */
		ACB_AUTOLOCK               = 0x00000400, /* 1 = Account auto locked */
		ACB_ENC_TXT_PWD_ALLOWED    = 0x00000800, /* 1 = Encryped text password is allowed */

                        && expiredTime.longValue() < ComponentUtil.getSystemHelper().getCurrentTimeAsLong()) {
                    throw new InvalidAccessTokenException("invalid_token",
                            "The token is expired(" + FessFunctions.formatDate(FessFunctions.date(expiredTime)) + ").");
                }
                stream(accessToken.getPermissions()).of(stream -> stream.forEach(permissionSet::add));

        assertNotNull(WitnessRegistration.WitnessRegistrationState.UNREGISTERING);
        assertNotNull(WitnessRegistration.WitnessRegistrationState.FAILED);
        assertNotNull(WitnessRegistration.WitnessRegistrationState.EXPIRED);
    }

    @Test
    void testEnumToStringConversions() {
        // Test that enum toString methods work properly
        assertEquals("CLUSTER_WITNESS", WitnessServiceType.CLUSTER_WITNESS.toString());

- In `Compliance` mode, objects cannot be deleted by anyone until retention period has expired for the given version id. If user has governance bypass permissions, an object's retention date can be extended in `Compliance` mode.
- Once object lock configuration is set to a bucket

     */
    @Size(max = 20)
    public String name;

    /**
     * The expiration time for the crawling session.
     * This field indicates when the crawling session should expire or be cleaned up.
     */
    public String expiredTime;

    /**
     * The timestamp when this crawling session was created.
     * Stored as a long value representing milliseconds since epoch.
     */

time="2020-07-12T20:45:50Z" level=info msg="config response types accepted: [code token id_token]"
time="2020-07-12T20:45:50Z" level=info msg="config using password grant connector: local"
time="2020-07-12T20:45:50Z" level=info msg="config signing keys expire after: 3h0m0s"
time="2020-07-12T20:45:50Z" level=info msg="config id tokens valid for: 3h0m0s"
time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
```

### Configure MinIO server with Dex

    val pool = routePlanner.pool

    // Add a connection to the pool that won't expire for a while
    routePlanner.defaultConnectionIdleAtNanos = expireLater
    setPolicy(pool, address, AddressPolicy(1))
    assertThat(pool.connectionCount()).isEqualTo(1)

    // All other connections created will expire sooner
    routePlanner.defaultConnectionIdleAtNanos = expireSooner

            if (tokenExpiryTime < currentTime) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Token expired: expiryTime={}, currentTime={}", tokenExpiryTime, currentTime);
                }
                return false;
            }
            // Attempt to refresh token using MSAL4J silent authentication
            try {

}
```

These credentials can now be used to perform MinIO API operations, these credentials automatically expire in 1hr. To understand more about credential expiry duration and client grants STS API read further [here](https://github.com/minio/minio/blob/master/docs/sts/client-grants.md).

## Explore Further