// This identifier is associated with the Token that was submitted
	// with the AssumeRoleWithWebIdentity call. The identifier is typically unique to
	// the user and the application that acquired the WebIdentityToken (pairwise identifier).
	// For OpenID Connect ID tokens, this field contains the value returned by the identity
	// provider as the token's sub (Subject) claim.
	SubjectFromWebIdentityToken string `xml:",omitempty"`

	if err != nil {
		return nil, err
	}

	// Verify if the authToken already contains
	// <Key> <Token> like format, if this is
	// already present we can blindly use the
	// authToken as is instead of adding 'Bearer'
	tokens := strings.Fields(target.args.AuthToken)
	switch len(tokens) {
	case 2:
		req.Header.Set("Authorization", target.args.AuthToken)
	case 1:

		},
	},
}

func mainHandler(w http.ResponseWriter, r *http.Request) {
	token := r.FormValue("token")
	if token == "" {
		writeErrorResponse(w, errors.New("token parameter not given"))
		return
	}

	rsp, ok := tokens[token]
	if !ok {
		w.WriteHeader(http.StatusForbidden)
		return
	}

	fmt.Printf("Allowed for token: %s user: %s\n", token, rsp.User)

	w.WriteHeader(http.StatusOK)
	json.NewEncoder(w).Encode(rsp)

Previously, site replication required the root credentials of peer sites to be identical. This is no longer necessary because STS tokens are now signed with the site replicator service account credentials, thus allowing flexibility in the independent management of root accounts across sites and the ability to disable root accounts eventually.

    print('body: ' + id_token_response.text)

    # we can now use the id_token as much as we want to access protected resources.
    tokens = json.loads(id_token_response.text)
    id_token = tokens['id_token']

    response = sts_client.assume_role_with_web_identity(
        RoleArn='arn:aws:iam::123456789012:user/svc-internal-api',
        RoleSessionName='test',

		if s.end > s.start || s.err != nil {
			advance, token, err := s.split(s.buf[s.start:s.end], s.err != nil)
			if err != nil {
				if err == ErrFinalToken {
					s.token = token
					s.done = true
					// When token is not nil, it means the scanning stops
					// with a trailing token, and thus the return value
					// should be true to indicate the existence of the token.
					return token != nil

        for (String token : range.split(",")) {
            if (token.startsWith("[")) {
                ranges.add(new RangeValue(token.replace("[", ""), true));
            } else if (token.startsWith("(")) {
                ranges.add(new RangeValue(token.replace("(", ""), false));
            } else if (token.endsWith("]")) {
                ranges.add(new RangeValue(token.replace("]", ""), true));

func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
	// r.RequestURI will have raw encoded URI as sent by the client.
	tokens := strings.SplitN(r.RequestURI, "?", 2)
	encodedResource := tokens[0]
	encodedQuery := ""
	if len(tokens) == 2 {
		encodedQuery = tokens[1]
	}

	var (
		filteredQueries []string
		gotSignature    string
		expires         string
		accessKey       string

    @PathSensitive(PathSensitivity.NONE)
    public abstract RegularFileProperty getBaseCssFile();

    /**
     * Key-value pairs that are replaced in the generated HTML.
     *
     * This uses Ant style replacement tokens.
     */
    @Input
    public abstract MapProperty<String, String> getReplacementTokens();

    @Inject
    protected abstract FileSystemOperations getFs();

    @TaskAction
    public void transform() {

	args.QuoteEscapeCharacter = defaultQuoteEscapeCharacter
	args.CommentCharacter = defaultCommentCharacter
	args.AllowQuotedRecordDelimiter = false

	for {
		// Read tokens from the XML document in a stream.
		t, err := d.Token()
		if err != nil {
			if err == io.EOF {
				break
			}
			return err
		}

		if se, ok := t.(xml.StartElement); ok {
			tagName := se.Name.Local
			switch tagName {