/**
     * The role for this action.
     */
    public static final String ROLE = "admin-accesstoken";

    /**
     * The token parameter.
     */
    public static final String TOKEN = "token";

    /**
     * The expires parameter.
     */
    public static final String EXPIRES = "expires";

    /**
     * The expired time parameter.
     */

    /**
     * Constructs a KerberosTicket from token bytes.
     *
     * @param token the ticket token bytes
     * @param apOptions AP options flags
     * @param keys array of Kerberos keys for decryption
     * @throws PACDecodingException if ticket decoding fails
     */
    public KerberosTicket(byte[] token, byte apOptions, KerberosKey[] keys) throws PACDecodingException {
        if (token.length <= 0) {

    }

    /**
     * Gets the OpenID Connect token server URL.
     *
     * @return the token server URL
     */
    protected String getOicTokenServerUrl() {
        return ComponentUtil.getSystemProperties().getProperty(OIC_TOKEN_SERVER_URL, "https://accounts.google.com/o/oauth2/token");
    }

    /**
     * Gets the OpenID Connect redirect URL.
     *

- `outputRoute` – A routing token that is added to the response headers when the Lambda function returns the transformed object. This is used by MinIO to further verify the incoming response validity.

pkg go/types, func NewChecker(*Config, *token.FileSet, *Package, *Info) *Checker
pkg go/types, func NewConst(token.Pos, *Package, string, Type, constant.Value) *Const
pkg go/types, func NewField(token.Pos, *Package, string, Type, bool) *Var
pkg go/types, func NewFunc(token.Pos, *Package, string, *Signature) *Func
pkg go/types, func NewInterface([]*Func, []*Named) *Interface
pkg go/types, func NewLabel(token.Pos, *Package, string) *Label

  logger:
    level: "debug"
    format: "text" # can also be "json"

# Default values shown below
oauth2:
  # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
  responseTypes: [ "code", "token", "id_token" ] # also allowed are "token" and "id_token"
  # By default, Dex will ask for approval to share data with application

                ctx = createContext(trans, tdomain, negoResp, !anonymous, s);
            }
            token = createToken(ctx, token, s);

            if (token != null) {
                request = new Smb2SessionSetupRequest(this.getContext(), securityMode, negoResp.getCommonCapabilities(), 0, token);
                // here, messages are rejected with NOT_SUPPORTED if we start signing as soon as we can, wait until

		Description:    "The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSClientGrantsExpiredToken: {
		Code:           "ExpiredToken",
		Description:    "The client grants that was passed is expired or is not valid. Get a new client grants token from the identity provider and then retry the request.",

想更完整地了解 `**user_dict`，請回到[**額外模型** 的文件](../extra-models.md#about-user-in-dict)。

///

## 回傳 token { #return-the-token }

`token` 端點的回應必須是 JSON 物件。

它應該有一個 `token_type`。在本例中，我們使用「Bearer」tokens，token 類型應該是「`bearer`」。

而且它還應該有一個 `access_token`，其值為包含我們存取權杖的字串。

在這個簡單示例中，我們會不安全地直接回傳相同的 `username` 當作 token。

/// tip

下一章你會看到真正安全的實作，包含密碼雜湊與 <abbr title="JSON Web Tokens - JSON 網頁權杖">JWT</abbr> tokens。

/// tip | Подсказка

Здесь `tokenUrl="token"` ссылается на относительный URL `token`, который мы еще не создали. Поскольку это относительный URL, он эквивалентен `./token`.