"net/url"
	"strings"
	"time"

	"github.com/minio/minio/internal/auth"
	xhttp "github.com/minio/minio/internal/http"
)

// credentialHeader data type represents structured form of Credential
// string from authorization header.
type credentialHeader struct {
	accessKey string
	scope     struct {
		date    time.Time
		region  string
		service string
		request string
	}
}

// Return scope string.

				},
				Header: http.Header{
					"Authorization": []string{"Bearer 12313123"},
				},
			},
			authT: authTypeJWT,
		},
		// Test case - 3
		// Empty authorization header.
		{
			req: &http.Request{
				URL: &url.URL{
					Host:   "127.0.0.1:9000",
					Scheme: httpScheme,
					Path:   SlashSeparator,
				},
				Header: http.Header{
					"Authorization": []string{""},
				},
			},

		return checkKeyValid(r, accessKey)
	}

	// below is V2 Signed Auth header format, splitting on `space` (after the `AWS` string).
	// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature
	authFields := strings.Split(r.Header.Get(xhttp.Authorization), " ")
	if len(authFields) != 2 {
		return auth.Credentials{}, false, ErrMissingFields
	}

// Package cmd This file implements helper functions to validate AWS
// Signature Version '4' authorization header.
//
// This package provides comprehensive helpers for following signature
// types.
// - Based on Authorization header.
// - Based on Query parameters.
// - Based on Form POST policy.
package cmd

import (
	"bytes"
	"crypto/subtle"
	"encoding/hex"

      "Successful auth!",
    )

    // No authorization header for the first request...
    var request = server.takeRequest()
    assertThat(request.headers["Authorization"]).isNull()

    // ...but the three requests that follow include an authorization header.
    for (i in 0..2) {
      request = server.takeRequest()

The JSON body structure can be seen from this sample:

<details><summary>Request Body Sample</summary>

```json
{
  "input": {
    "account": "minio",
    "groups": null,
    "action": "s3:ListBucket",
    "bucket": "test",
    "conditions": {
      "Authorization": [

В качестве списка источников можно указать подстановочный символ `"*"` ("wildcard"), чтобы разрешить любые источники.

Но тогда не будут разрешены некоторые виды взаимодействия, включая всё связанное с учётными данными: куки, заголовки Authorization с Bearer-токенами наподобие тех, которые мы использовали ранее и т.п.

Поэтому, чтобы всё работало корректно, лучше явно указывать список разрешённых источников.

## Использование `CORSMiddleware`

    /** Address family: CHANET */
    int AF_CHANET = 5;
    /** Address family: XNS */
    int AF_XNS = 6;
    /** Address family: ISO */
    int AF_ISO = 7;

    /** Authorization data type: Relevant */
    int AUTH_DATA_RELEVANT = 1;
    /** Authorization data type: PAC */
    int AUTH_DATA_PAC = 128;

    /** DES encryption type identifier */
    int DES_ENC_TYPE = 3;
    /** RC4 encryption type identifier */

        }).orElse(null);
    }

    /**
     * Generates the Azure AD authorization URL for the authentication request.
     * @param request The HTTP servlet request.
     * @return The authorization URL to redirect the user to.
     */
    protected String getAuthUrl(final HttpServletRequest request) {
        final String state = UuidUtil.create();

)

// Verify if request has JWT.
func isRequestJWT(r *http.Request) bool {
	return strings.HasPrefix(r.Header.Get(xhttp.Authorization), jwtAlgorithm)
}

// Verify if request has AWS Signature Version '4'.
func isRequestSignatureV4(r *http.Request) bool {
	return strings.HasPrefix(r.Header.Get(xhttp.Authorization), signV4Algorithm)
}

// Verify if request has AWS Signature Version '2'.
func isRequestSignatureV2(r *http.Request) bool {