~ export MINIO_IDENTITY_OPENID_CLAIM_NAME=name
~ export MINIO_IDENTITY_OPENID_CONFIG_URL=http://127.0.0.1:5556/dex/.well-known/openid-configuration
~ minio server ~/test
```

### Run the `web-identity.go`

```
~ go run web-identity.go -cid example-app -csec ZXhhbXBsZS1hcHAtc2VjcmV0 \
     -config-ep http://127.0.0.1:5556/dex/.well-known/openid-configuration \
     -cscopes groups,openid,email,profile
```

```

    - `User Attribute` is `policy`
    - `Token Claim Name` is `policy`
    - `Claim JSON Type` is `string`
  - Save

- Open <http://localhost:8080/auth/realms/{your-realm-name}/.well-known/openid-configuration> to verify OpenID discovery document, verify it has `authorization_endpoint` and `jwks_uri`

### Enable Keycloak Admin REST API support

        Name name = new Name(mockConfig, "0.0.0.0", 0, null);
        name.scope = null;
        assertTrue(name.isUnknown());
    }

    @Test
    void isUnknown_withNormalName_shouldReturnFalse() {
        Name name = new Name(mockConfig, "TestName", 0x20, null);
        assertFalse(name.isUnknown());
    }

    @Test
    void isUnknown_withNonZeroHexCode_shouldReturnFalse() {

   * serialization tests require more setup. This no-op behavior allows test authors to intersperse
   * {@code SerializableTester} calls with other, GWT-compatible tests.
   *
   * <p>Note that the specified object may not be known by the compiler to be a {@link
   * java.io.Serializable} instance, and is thus declared an {@code Object}. For example, it might
   * be declared as a {@code List}.
   *
   * @return the re-serialized object

    // Assert that the BF "might" have all of the even numbers.
    for (int i = 0; i < numInsertions * 2; i += 2) {
      assertTrue(bf.mightContain(Integer.toString(i)));
    }

    // Now we check for known false positives using a set of known false positives.
    // (These are all of the false positives under 900.)
    ImmutableSet<Integer> falsePositives =
        ImmutableSet.of(

But a variable like `user-agent` is invalid in Python.

So, by default, `Header` will convert the parameter names characters from underscore (`_`) to hyphen (`-`) to extract and document the headers.

Also, HTTP headers are case-insensitive, so, you can declare them with standard Python style (also known as "snake_case").

  private HostSpecifier(String canonicalForm) {
    this.canonicalForm = canonicalForm;
  }

  /**
   * Returns a {@code HostSpecifier} built from the provided {@code specifier}, which is already
   * known to be valid. If the {@code specifier} might be invalid, use {@link #from(String)}
   * instead.
   *
   * <p>The specifier must be in one of these formats:
   *
   * <ul>
   *   <li>A domain name, like {@code google.com}

 *  * The client's handshake certificates must include a set of trusted root certificates. They will
 *    be used to authenticate the server's certificate chain. Typically this is a set of well-known
 *    root certificates that is distributed with the HTTP client or its platform. It may be
 *    augmented by certificates private to an organization or service.
 *
 * ### Client Authentication
 *

# Always check-out / check-in files with LF line endings.
* text=auto eol=lf

hack/verify-flags/known-flags.txt merge=union
test/test_owners.csv merge=union

**/zz_generated.*.go linguist-generated=true
**/types.generated.go linguist-generated=true
**/generated.pb.go linguist-generated=true
**/generated.proto
**/types_swagger_doc_generated.go linguist-generated=true
api/openapi-spec/*.json linguist-generated=true

# line endings. This produces predictable results in different environments.
#
# Windows users contributing to Go will need to use a modern version
# of git and editors capable of LF line endings.
#
# Windows .bat files are known to have multiple bugs when run with LF
# endings, and so they are checked in with CRLF endings, with a test
# in test/winbatch.go to catch problems. (See golang.org/issue/37791.)
#