TrailingHeaders: true,
		})
	}

	// ok == true - at this point

	if ui.Credentials.IsTemp() {
		// Temporary credentials are not allowed.
		return nil, errAuthentication
	}

	return minio.New(driver.endpoint, &minio.Options{
		Creds:           credentials.NewStaticV4(ui.Credentials.AccessKey, ui.Credentials.SecretKey, ""),
		Secure:          globalIsTLS,
		Transport:       tr,
		TrailingHeaders: true,

    /**
     * Authenticate arbitrary credentials represented by the
     * <code>NtlmPasswordAuthentication</code> object against the domain controller
     * specified by the <code>UniAddress</code> parameter. If the credentials are
     * not accepted, an <code>SmbAuthException</code> will be thrown. If an error
     * occurs an <code>SmbException</code> will be thrown. If the credentials are

- MinIO returns temp. S3 credentials associated to the found policy.

The returned credentials expiry after a certain period of time that can be configured via `&DurationSeconds=3600`. By default, the STS credentials are valid for 1 hour. The minimum expiration allowed is 15 minutes.

                final AuthScope authScope = getAuthScope(webAuthName, scheme, paramMap);
                final Credentials credentials = getCredentials(webAuthName, scheme, paramMap);
                basicAuthList.add(new AuthenticationImpl(authScope, credentials, authScheme));
            }

                if (!this.getConfig().isAllowGuestFallback() && response.isLoggedInAsGuest()
                        && (!this.credentials.isGuest() && !this.credentials.isAnonymous())) {
                    throw new SmbAuthException(NtStatus.NT_STATUS_LOGON_FAILURE);
                }
                if (!this.credentials.isAnonymous() && response.isLoggedInAsGuest()) {
                    anonymous = true;
                }

package jcifs.smb;

/**
 * Interface for renewable SMB credentials.
 *
 * This interface defines methods for credentials that can be
 * automatically renewed during long-running operations.
 *
 * @author mbechler
 */
public interface SmbRenewableCredentials extends CredentialsInternal {

    /**
     * Renew the credentials
     *
     * @return the renewed credentials
     */
    CredentialsInternal renew();

			return
		}

		var getWebTokenExpiry func() (*credentials.WebIdentityToken, error)
		if clientSec == "" {
			getWebTokenExpiry = func() (*credentials.WebIdentityToken, error) {
				return &credentials.WebIdentityToken{
					Token: r.Form.Get("id_token"),
				}, nil
			}
		} else {
			getWebTokenExpiry = func() (*credentials.WebIdentityToken, error) {

	ExecObjectLayerAPITest(ExecObjectLayerAPITestArgs{
		t: t,
		objAPITest: func(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, credentials auth.Credentials, t *testing.T) {
			objectName := "dummy-object"
			functionID := "lambda1"
			functionToken := "token123"

			// Lambda mock server

## Scope

- All IAM Credentials are allowed access excluding rotating credentials, rotating credentials
  are not allowed to login via FTP/SFTP ports, you must use S3 API port for if you are using
  rotating credentials.

- Access to bucket(s) and object(s) are governed via IAM policies associated with the incoming
  login credentials.

- Allows authentication and access for all

MinIO Security Token Service (STS) is an endpoint service that enables clients to request temporary credentials for MinIO resources. Temporary credentials work almost identically to default admin credentials, with some differences:

- Temporary credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, MinIO no longer recognizes them or allows any kind of access from API requests made with them....