github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=

//   notify:
//     endpoint: "https://notify.endpoint" # notification endpoint to receive job status events
//     token: "Bearer xxxxx" # optional authentication token for the notification endpoint

//   retry:
//     attempts: 10 # number of retries for the job before giving up
//     delay: "500ms" # least amount of delay between each retry

                log.trace("doConnect: " + addr);
            }
            t.treeConnect(null, null);
            return t.acquire();
        } catch (final SmbAuthException sae) {
            log.debug("Authentication failed", sae);
            return retryAuthentication(loc, share, trans, t, referral, sae);
        }
    }

  - Promoted the `ServiceAccountTokenPodNodeInfo` feature to GA, which adds the node name and uid as claims into service account tokens mounted into running pods, and embeds that information as `authentication.kubernetes.io/node-name` and `authentication.kubernetes.io/node-uid` user extra info when the token is used

it might be nice to allow a user to activate/deactivate a plugin instead of having to uninstall and reinstall a plugin in particular cases. This would prevent having to reconfigure the plugin again. For example it might be nice to turn off LDAP authentication without having to uninstall the plugin.

These particular phases in a plugin’s lifecycle can probably be generalized to all plugins so could be something implemented in all plugins. Here we could have the descriptor either point to methods...

   *
   *  * For redirects (301: Moved Permanently, 302: Temporary Redirect, etc.)
   *  * For auth challenges (401: Unauthorized, 407: Proxy Authentication Required.)
   *  * For client timeouts (408: Request Time-Out.)
   *  * For server failures (503: Service Unavailable.)
   *
   * Response header values like `Location` and `Retry-After` are also considered.
   *

    public static final int ACB_NOT_DELEGATED = 16384;
    /** Account control bit flag: Use DES encryption keys only */
    public static final int ACB_USE_DES_KEY_ONLY = 32768;
    /** Account control bit flag: Pre-authentication is not required */
    public static final int ACB_DONT_REQUIRE_PREAUTH = 65536;

    /**
     * SAMR CloseHandle operation for closing an opened SAM handle.

    public static final int ACB_NOT_DELEGATED = 16384;
    /** Account control bit flag: Use DES encryption keys only */
    public static final int ACB_USE_DES_KEY_ONLY = 32768;
    /** Account control bit flag: Pre-authentication is not required */
    public static final int ACB_DONT_REQUIRE_PREAUTH = 65536;

    /**
     * SAMR CloseHandle operation for closing an opened SAM handle.

                answer: 'Generating answer...'
            },
            errors: {
                rate_limit: 'It\'s currently busy. Please wait a moment and try again.',
                auth_error: 'AI service authentication failed. Please contact the administrator.',
                service_unavailable: 'The AI service is temporarily unavailable. Please try again later.',
                timeout: 'The request timed out. Please try again.',

			}

			defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
			invalidReq := errorCodes.ToAPIErr(ErrInvalidRequest)
			invalidReq.Description = fmt.Sprintf("%s (request has multiple authentication types, please use one)", invalidReq.Description)
			writeErrorResponse(r.Context(), w, invalidReq, r.URL)
			atomic.AddUint64(&globalHTTPStats.rejectedRequestsInvalid, 1)
			return
		}