}
		if prefix != testCase.prefix {
			t.Errorf("Test %d: Expected %s, got %s", i+1, testCase.prefix, prefix)
		}
		if token != testCase.token {
			t.Errorf("Test %d: Expected %s, got %s", i+1, testCase.token, token)
		}
		if startAfter != testCase.startAfter {
			t.Errorf("Test %d: Expected %s, got %s", i+1, testCase.startAfter, startAfter)
		}
		if delimiter != testCase.delimiter {

        Exception cause = new RuntimeException("Token validation failed");
        SsoLoginException exception = new SsoLoginException(message, cause);

        assertEquals(message, exception.getMessage());
        assertNotNull(exception.getCause());
        assertEquals(cause, exception.getCause());
        assertEquals("Token validation failed", exception.getCause().getMessage());
    }

        // Test constructor with whitespace in type
        String type = "  Bearer Token  ";
        String message = "Whitespace in token type";
        InvalidAccessTokenException exception = new InvalidAccessTokenException(type, message);

        assertEquals("  Bearer Token  ", exception.getType());
        assertEquals(message, exception.getMessage());
        assertNull(exception.getCause());

	// This is traditionally the client identifier issued to the application that
	// requested the client grants.
	Audience string `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.
	//
	// Note: The size of the security token that STS APIs return is not fixed. We

Decodifique o token recebido, verifique-o e retorne o usuário atual.

Se o token for inválido, retorne um erro HTTP imediatamente.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Atualize a *operação de rota* `/token`

Crie um `timedelta` com o tempo de expiração do token.

Crie um token de acesso JWT real e o retorne.

import org.codelibs.fess.app.web.api.admin.BaseSearchBody;

/**
 * Search request body for access token administration.
 * Extends BaseSearchBody with access token-specific search parameters.
 */
public class SearchBody extends BaseSearchBody {

    /** The access token ID to search for. */
    public String id;

    /**
     * Default constructor for SearchBody.
     */
    public SearchBody() {

            }
            return permissions;
        }

        @Override
        public boolean refresh() {
            // MSAL4J handles token refresh internally through silent authentication
            // Check if token is still valid by comparing absolute timestamps
            final long tokenExpiryTime = authResult.expiresOnDate().getTime(); // milliseconds since epoch

    * As we said above, only one process can be listening on a specific IP and port.
    * This is one of the reasons why it's very useful when the same TLS Termination Proxy also takes care of the certificate renewal process.

## API Request Parameters

### Token

The OAuth 2.0 access token that is provided by the identity provider. Application must get this token by authenticating the application using client credential grants before the application makes an AssumeRoleWithClientGrants call.

	// end of the token. It's where you are now, and you just read this token.
	if tok == '(' && in.Stack.Col() == prevCol+1 {
		// Macro has arguments. Scan list of formals.
		acceptArg := true
		args = []string{} // Zero length but not nil.
	Loop:
		for {
			tok = in.Stack.Next()
			switch tok {
			case ')':
				tok = in.Stack.Next() // First token of macro definition.
				break Loop