if len(pubKeys.pkMap) != 1 {
		t.Fatalf("Expected 1 keys, got %d", len(pubKeys.pkMap))
	}

	provider := providerCfg{
		ClientID:     "76b95ae5-33ef-4283-97b7-d2a85dc2d8f4",
		ClientSecret: "WNGvKVyyNmXq0TraSvjaDN9CtpFgx35IXtGEffMCPR0",
	}
	provider.JWKS.URL = u1
	cfg := Config{
		Enabled: true,
		pubKeys: pubKeys,
		arnProviderCfgsMap: map[arn.ARN]*providerCfg{
			DummyRoleARN: &provider,

                  name: {{ .Values.oidc.existingClientSecretName }}
                  key: {{ .Values.oidc.existingClientSecretKey }}
            {{- else }}
              value: {{ .Values.oidc.clientSecret }}
            {{- end }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
              value: {{ .Values.oidc.claimName }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX

oidc:
  enabled: false
  configUrl: "https://identity-provider-url/.well-known/openid-configuration"
  clientId: "minio"
  clientSecret: ""
  # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret``
  existingClientSecretName: ""
  existingClientIdKey: ""
  existingClientSecretKey: ""
  claimName: "policy"

                  name: {{ .Values.oidc.existingClientSecretName }}
                  key: {{ .Values.oidc.existingClientSecretKey }}
            {{- else }}
              value: {{ .Values.oidc.clientSecret }}
            {{- end }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
              value: {{ .Values.oidc.claimName }}
            - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX

	scopes := ddoc.ScopesSupported
	if clientScopes != "" {
		scopes = strings.Split(clientScopes, ",")
	}

	ctx := context.Background()

	config := oauth2.Config{
		ClientID:     clientID,
		ClientSecret: clientSec,
		Endpoint: oauth2.Endpoint{
			AuthURL:  ddoc.AuthEndpoint,
			TokenURL: ddoc.TokenEndpoint,
		},
		RedirectURL: fmt.Sprintf("http://10.0.0.67:%d/oauth2/callback", port),
		Scopes:      scopes,

	pCfg := r.arnProviderCfgsMap[arn]
	if pCfg.JWKS.URL == nil || pCfg.JWKS.URL.String() == "" {
		return nil
	}

	// Add client secret for the client ID for HMAC based signature.
	r.pubKeys.add(pCfg.ClientID, []byte(pCfg.ClientSecret))

	client := &http.Client{
		Transport: r.transport,
	}

	resp, err := client.Get(pCfg.JWKS.URL.String())
	if err != nil {
		return err
	}
	defer r.closeRespFn(resp.Body)

		}
		m[name] = consoleoauth2.ProviderConfig{
			URL:                     cfg.URL.String(),
			DisplayName:             cfg.DisplayName,
			ClientID:                cfg.ClientID,
			ClientSecret:            cfg.ClientSecret,
			HMACSalt:                globalDeploymentID(),
			HMACPassphrase:          cfg.ClientID,
			Scopes:                  strings.Join(cfg.DiscoveryDoc.ScopesSupported, ","),

	if err != nil {
		return "", fmt.Errorf("unable to create provider: %v", err)
	}

	// Configure an OpenID Connect aware OAuth2 client.
	oauth2Config := oauth2.Config{
		ClientID:     pro.ClientID,
		ClientSecret: pro.ClientSecret,
		RedirectURL:  pro.RedirectURL,

		// Discovery returns the OAuth2 endpoints.
		Endpoint: provider.Endpoint(),

		// "openid" is a required scope for OpenID Connect flows.

entication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these variables. oidc: enabled: false configUrl: "https://identity-provider-url/.well-known/openid-configuration" clientId: "minio" clientSecret: "" claimName: "policy" scopes: "openid,profile,email" redirectUri: "https://console-endpoint-url/oauth_callback" # Can leave empty claimPrefix: "" comment: "" networkPolicy: enabled: false allowExternal: true ## PodDisruptionBudget settings ##...

entication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these variables. oidc: enabled: false configUrl: "https://identity-provider-url/.well-known/openid-configuration" clientId: "minio" clientSecret: "" claimName: "policy" scopes: "openid,profile,email" redirectUri: "https://console-endpoint-url/oauth_callback" # Can leave empty claimPrefix: "" comment: "" networkPolicy: enabled: false allowExternal: true ## PodDisruptionBudget settings ##...