.result());
    }

    // GET /api/admin/accesstoken/setting/{id}
    /**
     * Retrieves a specific access token setting by ID.
     *
     * @param id the access token ID to retrieve
     * @return JSON response with the access token setting
     */
    @Execute
    public JsonResponse<ApiResult> get$setting(final String id) {

///

## Den Token zurückgeben

Die Response des `token`-Endpunkts muss ein JSON-Objekt sein.

Es sollte einen `token_type` haben. Da wir in unserem Fall „Bearer“-Token verwenden, sollte der Token-Typ "`bearer`" sein.

Und es sollte einen `access_token` haben, mit einem String, der unseren Zugriffstoken enthält.

     *
     * @param authType the type of authorization data
     * @param token the authorization data token
     * @param keys the Kerberos keys for decryption
     * @return a list of parsed authorization data
     * @throws PACDecodingException if the data cannot be decoded
     */
    public static List<KerberosAuthData> parse(int authType, byte[] token, Map<Integer, KerberosKey> keys) throws PACDecodingException {

	xjwt "github.com/minio/minio/internal/jwt"
	"github.com/minio/pkg/v3/policy"
)

const (
	jwtAlgorithm = "Bearer"

	// Default JWT token for web handlers is one day.
	defaultJWTExpiry = 24 * time.Hour

	// Inter-node JWT token expiry is 100 years approx.
	defaultInterNodeJWTExpiry = 100 * 365 * 24 * time.Hour
)

var (

		t.Fatal(err)
	}

	creds := globalActiveCred
	token, err := getTokenString(creds.AccessKey, creds.SecretKey)
	if err != nil {
		t.Fatalf("unable get token %s", err)
	}
	testCases := []struct {
		req         *http.Request
		expectedErr error
	}{
		// Set valid authorization header.
		{
			req: &http.Request{
				Header: http.Header{
					"Authorization": []string{token},
				},
			},
			expectedErr: nil,
		},

        setMechanismListMIC(mechanismListMIC);
    }

    /**
     * Constructs a NegTokenTarg by parsing the provided token bytes
     * @param token the SPNEGO token bytes to parse
     * @throws IOException if parsing fails
     */
    public NegTokenTarg(final byte[] token) throws IOException {
        parse(token);
    }

    /**
     * Gets the negotiation result code
     * @return the result code
     */

		case "Endpoint":
			z.Endpoint, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Endpoint")
				return
			}
		case "Token":
			z.Token, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Token")
				return
			}
		default:
			err = dc.Skip()
			if err != nil {
				err = msgp.WrapError(err)
				return
			}
		}
	}
	return
}

        this.permissions = value;
    }

    public String getToken() {
        checkSpecifiedProperty("token");
        return convertEmptyToNull(token);
    }

    public void setToken(String value) {
        registerModifiedProperty("token");
        this.token = value;
    }

    public String getUpdatedBy() {
        checkSpecifiedProperty("updatedBy");

`AssumeRoleWithCustomToken` STS API extension. A user or application can now present a token to the `AssumeRoleWithCustomToken` API, and MinIO verifies this token by sending it to the Identity Management Plugin webhook. This plugin responds with some information and MinIO is able to generate temporary STS credentials to interact with object storage.

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT:...

    /**
     * Creates a Kerberos AP request from a token.
     *
     * @param token the Kerberos AP-REQ token
     * @param keys the Kerberos keys for decryption
     * @throws PACDecodingException if the token cannot be decoded
     */
    public KerberosApRequest(byte[] token, KerberosKey[] keys) throws PACDecodingException {
        this(parseSequence(token), keys);
    }