flag.StringVar(&configEndpoint, "config-ep",
		"http://localhost:8080/auth/realms/minio/.well-known/openid-configuration",
		"OpenID discovery document endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSec, "csec", "", "Client Secret")
	flag.StringVar(&clientScopes, "cscopes", "openid", "Client Scopes")
	flag.IntVar(&port, "port", 8080, "Port")
}

### 5. Setup MinIO with OpenID configuration URL

MinIO server expects environment variable for OpenID configuration url as `MINIO_IDENTITY_OPENID_CONFIG_URL`, this environment variable takes a single entry.

```
export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration

from starlette.exceptions import HTTPException
from starlette.requests import Request
from starlette.status import HTTP_401_UNAUTHORIZED


class OpenIdConnect(SecurityBase):
    """
    OpenID Connect authentication class. An instance of it would be used as a
    dependency.

    **Warning**: this is only a stub to connect the components with OpenAPI in FastAPI,

		writeSTSErrorResponse(ctx, w, ErrSTSInternalError, err)
		return
	}

	// https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
	// claim is only considered stable when subject and iss are used together
	// this is to ensure that ParentUser doesn't change and we get to use
	// parentUser as per the requirements for service accounts for OpenID
	// based logins.
	var subFromToken string
	if v, ok := claims[subClaim]; ok {

		cfg.Compression.MimeTypes = strings.Split(compress.DefaultMimeTypes, config.ValueSeparator)
	case "30":
		// V30 -> V31
		cfg.OpenID = openid.Config{}
		cfg.Policy.OPA = opa.Args{
			URL:       &xnet.URL{},
			AuthToken: "",
		}
	case "31":
		// V31 -> V32
		cfg.Notify.NSQ = make(map[string]target.NSQArgs)

      TestByteSink okSink = new TestByteSink();
      assertThrows(IOException.class, () -> failSource.copyTo(okSink));
      // ensure stream was closed IF it was opened (depends on implementation whether or not it's
      // opened at all if source.newInputStream() throws).
      assertTrue(
          "stream not closed when copying from source with option: " + option,

~ export MINIO_IDENTITY_OPENID_CONFIG_URL=http://127.0.0.1:5556/dex/.well-known/openid-configuration
~ minio server ~/test
```

### Run the `web-identity.go`

```
~ go run web-identity.go -cid example-app -csec ZXhhbXBsZS1hcHAtc2VjcmV0 \
     -config-ep http://127.0.0.1:5556/dex/.well-known/openid-configuration \
     -cscopes groups,openid,email,profile
```

```
~ mc admin policy create admin allaccess.json
```

from flask import Flask, request

boto3.set_stream_logger('boto3.resources', logging.DEBUG)

authorize_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/auth"
token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

# callback url specified when the application was defined
callback_uri = "http://localhost:8000/oauth2/callback"

# keycloak id and secret
client_id = 'account'

		}

		if l.AddressSpace > 0 {
			m.Set(processVirtualMemoryMaxBytes, float64(l.AddressSpace))
		}
	}

	openFDs, err := p.FileDescriptorsLen()
	if err != nil {
		metricsLogIf(ctx, err)
	} else if openFDs > 0 {
		m.Set(processFileDescriptorOpenTotal, float64(openFDs))
	}
}

// loadProcessMetrics - `MetricsLoaderFn` for process metrics

export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
minio server /mnt/data
```

#### Casdoor

```
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123
export MINIO_IDENTITY_OPENID_CONFIG_URL=http://CASDOOR_ENDPOINT/.well-known/openid-configuration