if err != nil {
		t.Fatal(err)
	}

                case PacConstants.LOGON_INFO:
                    // PAC Credential Information
                    if (this.logonInfo == null) {
                        this.logonInfo = new PacLogonInfo(bufferData);
                    }
                    break;
                case PacConstants.CREDENTIAL_TYPE:
                    // PAC Credential Type
                    this.credentialType = new PacCredentialType(bufferData);

		"s3:GetObject",
		"s3:PutObject"
	  ],
	  "Effect": "Allow",
	  "Resource": ["arn:aws:s3:::mybucket/${aws:username}/*"]
	}
  ]
}
```

If the user is authenticating using an STS credential which was authorized from OpenID connect we allow all `jwt:*` variables specified in the JWT specification, custom `jwt:*` or extensions are not supported. List of policy variables for OpenID based STS.

- `jwt:sub`
- `jwt:iss`

                                          preload_content=True,
                                          )
            if response.status != 200:
                message = "Credential refresh failed, response: %s"
                raise CredentialRetrievalError(
                    provider=method,
                    error_msg=message % response.status,
                )

import java.nio.charset.Charset
import kotlin.text.Charsets.ISO_8859_1
import okio.ByteString.Companion.encode

/** Factory for HTTP authorization credentials. */
object Credentials {
  /** Returns an auth credential for the Basic scheme. */
  @JvmStatic @JvmOverloads
  fun basic(
    username: String,
    password: String,
    charset: Charset = ISO_8859_1,
  ): String {
    val usernameAndPassword = "$username:$password"

            println("Authenticating for response: $response")
            println("Challenges: ${response.challenges()}")
            val credential = Credentials.basic("jesse", "password1")
            return response.request
              .newBuilder()
              .header("Authorization", credential)
              .build()
          }
        },
      ).build()

  fun run() {
    val request =
      Request

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.base.login;

import org.lastaflute.web.login.credential.UserPasswordCredential;

/**
 * The credential for a local user.
 */
public class LocalUserCredential extends UserPasswordCredential implements FessCredential {
    /**

## Retrying Requests

    /**
     * PAC structure version number.
     */
    int PAC_VERSION = 0;

    /**
     * Buffer type for user logon information.
     */
    int LOGON_INFO = 1;
    /**
     * Buffer type for credential information.
     */
    int CREDENTIAL_TYPE = 2;
    /**
     * Buffer type for server checksum signature.
     */
    int SERVER_CHECKSUM = 6;
    /**

	// Get string to sign from canonical request.
	presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())

	// Get hmac presigned signing key.
	presignedSigningKey := getSigningKey(cred.SecretKey, pSignValues.Credential.scope.date,
		pSignValues.Credential.scope.region, stype)

	// Get new signature.
	newSignature := getSignature(presignedSigningKey, presignedStringToSign)