Code:           "ExpiredToken",
		Description:    "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidClientGrantsToken: {
		Code:           "InvalidClientGrantsToken",
		Description:    "The client grants token that was passed could not be validated by MinIO.",

### 4. Test with MinIO STS API

Once etcd is configured, **any STS configuration** will work including Client Grants, Web Identity or AD/LDAP.

Hug fue uno de los primeros frameworks en implementar la declaración de tipos de parámetros API usando las anotaciones de tipos de Python. Esta fue una gran idea que inspiró a otras herramientas a hacer lo mismo.

Usaba tipos personalizados en sus declaraciones en lugar de tipos estándar de Python, pero aún así fue un gran avance.

También fue uno de los primeros frameworks en generar un esquema personalizado declarando toda la API en JSON.

// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player
// or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
// When clients request content hosted on a particular source domain and that content make requests
// directed towards a domain other than its own, the remote domain needs to host a cross-domain

    @Test
    void testRemovalOfParentRefs() {
        assertEquals("http://server.org/child", normalize("http://server.org/parent/../child"));
        assertEquals("http://server.org/child", normalize("http://server.org/grand/parent/../../child"));

        assertEquals("http://server.org//child", normalize("http://server.org/parent/..//child"));
        assertEquals("http://server.org/child", normalize("http://server.org/parent//../child"));
    }

## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name
## starting with example. In addition, grants objects write permissions on buckets starting with
## example.
# - name: writeexamplepolicy
#   statements:
#     - effect: Allow  # this is the default
#       resources:

  # from application to upstream provider such as the Google login page
  alwaysShowLoginScreen: false
  # Uncommend the passwordConnector to use a specific connector for password grants
  passwordConnector: local

# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't chosen clients may be added through the gRPC API.
staticClients:
  - id: example-app

     */
    int getTransactionBufferSize();

    /**
     * Gets the number of initial credits granted by the server for SMB2.
     *
     * @return number of initial credits the server grants
     */
    int getInitialCredits();

    /**
     * Checks whether a connection can be reused for the given configuration.
     *
     * @param tc the CIFS context to check compatibility with

Puedes usar esta plantilla para comenzar, ya que incluye gran parte de la configuración inicial, seguridad, base de datos y algunos endpoints de API ya hechos para ti.

class ClientGrantsCredentialProvider(CredentialProvider):
    """
    ClientGrantsCredentialProvider implements CredentialProvider compatible
    implementation to be used with boto_session
    """
    METHOD = 'assume-role-client-grants'
    CANONICAL_NAME = 'AssumeRoleClientGrants'

    def __init__(self, cid, csec,
                 idp_ep='http://localhost:8080/auth/realms/minio/protocol/openid-connect/token',