## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider.
## See https://docs.min.io/community/minio-object-store/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables.
oidc:
  enabled: false
  configUrl: "https://identity-provider-url/.well-known/openid-configuration"
  clientId: "minio"

func main() {
	flag.Parse()
	if clientID == "" {
		flag.PrintDefaults()
		return
	}

	ddoc, err := parseDiscoveryDoc(configEndpoint)
	if err != nil {
		log.Println(fmt.Errorf("Failed to parse OIDC discovery document %s", err))
		fmt.Println(err)
		return
	}

	scopes := ddoc.ScopesSupported
	if clientScopes != "" {
		scopes = strings.Split(clientScopes, ",")
	}

	ctx := context.Background()

  login credentials.

- Allows authentication and access for all
  - Built-in IDP users and their respective service accounts
  - LDAP/AD users and their respective service accounts
  - OpenID/OIDC service accounts

- On versioned buckets, FTP/SFTP only operates on latest objects, if you need to retrieve
  an older version you must use an `S3 API client` such as [`mc`](https://github.com/minio/mc).

	github.com/alecthomas/participle v0.7.1
	github.com/beevik/ntp v1.4.3
	github.com/buger/jsonparser v1.1.1
	github.com/cespare/xxhash/v2 v2.3.0
	github.com/cheggaaa/pb v1.0.29
	github.com/coreos/go-oidc/v3 v3.14.1
	github.com/coreos/go-systemd/v22 v22.5.0
	github.com/cosnicolaou/pbzip2 v1.0.5
	github.com/dchest/siphash v1.2.3
	github.com/dustin/go-humanize v1.0.1
	github.com/eclipse/paho.mqtt.golang v1.5.0

			})
		}
	}

	return res, nil
}

// Enabled returns if configURL is enabled.
func Enabled(kvs config.KVS) bool {
	return kvs.Get(ConfigURL) != ""
}

// GetSettings - fetches OIDC settings for site-replication related validation.
// NOTE that region must be populated by caller as this package does not know.
func (r *Config) GetSettings() madmin.OpenIDSettings {
	res := madmin.OpenIDSettings{}

    }

    /**
     * Builds a default redirect URL for OpenID Connect based on the environment.
     * Uses the configured base URL or defaults to http://localhost:8080 for compatibility
     * with common OIDC provider configurations.
     *
     * @return the default redirect URL
     */
    protected String buildDefaultRedirectUrl() {
        final DynamicProperties systemProperties = ComponentUtil.getSystemProperties();

* kube-apiserver: OIDC authentication now supports requiring specific claims with `--oidc-required-claim=<claim>=<value>` Previously, there was no mechanism for a user to specify claims in the OIDC authentication process that were requid to be present in the ID Token with an expected value. This version now makes it possible to require claims support for the OIDC authentication. It allows users to pass in a `--oidc-required-claims` flag, and `key=value` pairs in the...

			// server).
			//
			// The "policy not found" error is ignored because the STS account may
			// not have a policy mapped via its parent (for e.g. in
			// OIDC/AssumeRoleWithCustomToken/AssumeRoleWithCertificate).
			err := iamOS.loadMappedPolicy(ctx, svcParent, stsUser, false, cache.iamSTSPolicyMap)
			if err != nil && !errors.Is(err, errNoSuchPolicy) {

- Reverted a kubectl azure auth module change where oidc claim spn: prefix was omitted resulting a breaking behavior with existing Azure AD OIDC enabled api-server ([#87507](https://github.com/kubernetes/kubernetes/pull/87507), [@weinong](https://github.com/weinong)) [SIG API Machinery, Auth and Cloud Provider]

- Reverted a kubectl azure auth module change where oidc claim spn: prefix was omitted resulting a breaking behavior with existing Azure AD OIDC enabled api-server ([#87507](https://github.com/kubernetes/kubernetes/pull/87507), [@weinong](https://github.com/weinong)) [SIG API Machinery, Auth and Cloud Provider]