if !ok {
			return errors.New("STS JWT Token has `azp` claim invalid, `azp` must match configured OpenID Client ID")
		}
		if !azpValues.Contains(pCfg.ClientID) {
			return errors.New("STS JWT Token has `azp` claim invalid, `azp` must match configured OpenID Client ID")
		}
	}

	return nil
}

        when(fh.acquire()).thenReturn(fh);
        when(fh.isValid()).thenReturn(true);

        // Act
        SmbFileHandleImpl opened = handle.ensureOpen();

        // Assert
        assertSame(fh, opened);
        assertTrue(handle.isOpen(), "Handle should report open after ensureOpen");

from starlette.exceptions import HTTPException
from starlette.requests import Request
from starlette.status import HTTP_401_UNAUTHORIZED


class OpenIdConnect(SecurityBase):
    """
    OpenID Connect authentication class. An instance of it would be used as a
    dependency.

    **Warning**: this is only a stub to connect the components with OpenAPI in FastAPI,

    protected static final String OIC_REDIRECT_URL = "oic.redirect.url";

    /** Configuration key for OpenID Connect token server URL. */
    protected static final String OIC_TOKEN_SERVER_URL = "oic.token.server.url";

    /** Configuration key for OpenID Connect client secret. */
    protected static final String OIC_CLIENT_SECRET = "oic.client.secret";

            final MsrpcSamrConnect2 rpc2 = new MsrpcSamrConnect2(server, access, this);
            handle.sendrecv(rpc2);
        }
        this.opened = true;
    }

    @Override
    public synchronized void close() throws IOException {
        if (this.opened) {
            this.opened = false;
            final samr.SamrCloseHandle rpc = new MsrpcSamrCloseHandle(this);
            this.handle.sendrecv(rpc);

### OpenID (не «OpenID Connect») { #openid-not-openid-connect }

Также ранее использовалась спецификация «OpenID», которая пыталась решить ту же задачу, что и **OpenID Connect**, но не была основана на OAuth2.

Таким образом, это была полноценная дополнительная система.

В настоящее время не очень популярен и не используется.

## OpenAPI { #openapi }

public interface SmbPipeResource extends SmbResource {

    /**
     * The pipe should be opened read-only.
     */

    int PIPE_TYPE_RDONLY = SmbConstants.O_RDONLY;

    /**
     * The pipe should be opened only for writing.
     */

    int PIPE_TYPE_WRONLY = SmbConstants.O_WRONLY;

    /**
     * The pipe should be opened for both reading and writing.
     */

    int PIPE_TYPE_RDWR = SmbConstants.O_RDWR;

	flag.StringVar(&configEndpoint, "config-ep",
		"http://localhost:8080/auth/realms/minio/.well-known/openid-configuration",
		"OpenID discovery document endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSec, "csec", "", "Client Secret")
	flag.StringVar(&clientScopes, "cscopes", "openid", "Client Scopes")
	flag.IntVar(&port, "port", 8080, "Port")
}

### 5. Setup MinIO with OpenID configuration URL

MinIO server expects environment variable for OpenID configuration url as `MINIO_IDENTITY_OPENID_CONFIG_URL`, this environment variable takes a single entry.

```
export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration

### OpenID (no "OpenID Connect") { #openid-not-openid-connect }

Hubo también una especificación "OpenID". Que intentaba resolver lo mismo que **OpenID Connect**, pero no estaba basada en OAuth2.

Entonces, era un sistema completo adicional.

No es muy popular o usado hoy en día.

## OpenAPI { #openapi }

OpenAPI (anteriormente conocido como Swagger) es la especificación abierta para construir APIs (ahora parte de la Linux Foundation).