# AssumeRoleWithCustomToken [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

## Introduction

To integrate with custom authentication methods using the [Identity Management Plugin](../iam/identity-management-plugin.md)), MinIO provides an STS API extension called `AssumeRoleWithCustomToken`.

After configuring the plugin, use the generated Role ARN with `AssumeRoleWithCustomToken` to get temporary credentials to access object storage.

          # - you are installing Scorecard on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers

# ==============================================================================
# Sourcing this enables Bazel remote cache (read and write)
# Note that "_push" cache configs write to GCS buckets and require
# authentication. If you are not a Googler, source "public_cache" to enable the
# public read-only cache.
# The cache configs are different for MacOS and Linux
if [[ $(uname -s) == "Darwin" ]]; then

	case assumeRole:
	default:
		writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, fmt.Errorf("Unsupported action %s", action))
		return
	}

	ctx = newContext(r, w, action)

	// Validate the authentication result here so that failures will be audit-logged.
	if apiErrCode != ErrNone {
		stsErr := apiToSTSError(apiErrCode)
		// Borrow the description error from the API error code

     *
     * @return password used when guest authentication is requested
     */
    String getGuestPassword();

    /**
     * Property {@code jcifs.smb.client.guestUsername}, defaults to GUEST
     *
     * @return username used when guest authentication is requested
     */
    String getGuestUsername();

    /**

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSException;
import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */

    /**
     * Constructs an SmbNamedPipe for a specified pipe on an SMB server.
     *
     * @param url the SMB URL of the named pipe
     * @param pipeType the type of the pipe
     * @param auth the authentication credentials to use
     * @throws MalformedURLException if the URL is not properly formatted
     * @throws UnknownHostException if the host cannot be resolved
     */

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package jcifs.smb;

/**
 * The <code>SmbAuthException</code> encapsulates the variety of
 * authentication related error codes returned by an SMB server.
 * <p>
 * See <a href="../../../authhandler.html">jCIFS Exceptions and NtlmAuthenticator</a> for more information about
 * <code>SmbAuthException</code>.
 */

public enum ChannelState {
    /**
     * Channel is not connected
     */
    DISCONNECTED(0),

    /**
     * Connection establishment in progress
     */
    CONNECTING(1),

    /**
     * Authentication in progress
     */
    AUTHENTICATING(2),

    /**
     * Channel is established and ready for use
     */
    ESTABLISHED(3),

    /**
     * Channel binding in progress
     */

  - Navigate to service provider section, expand Inbound Authentication Configurations and expand OAuth/OpenID Connect Configuration.
    - Copy the OAuth Client Key as the value for `<CLIENT_ID>`.
    - Copy the OAuth Client Secret as the value for `<CLIENT_SECRET>`.