{* ../../docs_src/response_directly/tutorial002_py39.py hl[1,18] *}

## Notes { #notes }

When you return a `Response` directly its data is not validated, converted (serialized), or documented automatically.

But you can still document it as described in [Additional Responses in OpenAPI](additional-responses.md){.internal-link target=_blank}.

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidClientGrantsToken: {
		Code:           "InvalidClientGrantsToken",
		Description:    "The client grants token that was passed could not be validated by MinIO.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSMalformedPolicyDocument: {
		Code:           "MalformedPolicyDocument",

        return Optional.ofNullable(parserRequest().stdErr());
    }

    /**
     * Returns a list of core extensions from all sources, that were discovered and loaded. Each instance of
     * {@link CoreExtensions} is validated, but the list elements may have overlapping elements, that requires
     * some logic to sort out (like precedence).
     * <p>
     * The list of {@link CoreExtensions} if present, is in precedence order.
     *

	if err != nil {
		return nil, false, fmt.Errorf("Error looking up DN %s: %w", dn, err)
	}
	if searchRes == nil {
		return nil, false, nil
	}

	// This will not return an error as the argument is validated to be a DN.
	pdn, _ := ldap.ParseDN(searchRes.NormDN)

	// Check that the DN is under a configured base DN in the LDAP
	// directory.
	for _, baseDN := range baseDNList {
		if baseDN.Parsed.AncestorOf(pdn) {

	AuthToken   string                `json:"authToken"`
	Transport   http.RoundTripper     `json:"-"`
	CloseRespFn func(r io.ReadCloser) `json:"-"`
}

// Validate - validate opa configuration params.
func (a *Args) Validate() error {
	req, err := http.NewRequest(http.MethodPost, a.URL.String(), bytes.NewReader([]byte("")))
	if err != nil {
		return err
	}

	req.Header.Set("Content-Type", "application/json")

**Key Scenarios**:
- ✅ Valid filename extraction
- ✅ Null parameters handling
- ✅ Empty/missing resource name
- ✅ Special characters in filename (Japanese, paths)
- ✅ Input stream not consumed (only validated)
- ✅ Whitespace and empty string handling

---

### 3. ArchiveExtractorErrorHandlingTest.java
**Purpose**: Test improved error handling in archive extractors.

**Key Test Areas**:
- Enhanced error messages

    }

    /**
     * Creates an encrypted user code from a user ID.
     * The user ID is encrypted using the primary cipher and validated against the configuration.
     *
     * @param userCode the raw user ID to encrypt
     * @return the encrypted and validated user code, or null if invalid
     */
    protected String createUserCodeFromUserId(String userCode) {

You can actually use this same technique with an HTTP `PUT` operation.

But the example here uses `PATCH` because it was created for these use cases.

///

/// note

Notice that the input model is still validated.

So, if you want to receive partial updates that can omit all the attributes, you need to have a model with all the attributes marked as optional (with default values or `None`).

AssumeRoleWithClientGrants does not require the use of MinIO default credentials. Therefore, client application can be distributed that requests temporary security credentials without including MinIO default credentials. Instead, the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls...

        }
    }

    /**
     * Validates a string is not null or empty
     *
     * @param value the string to validate
     * @param fieldName the field name for error reporting
     * @return the validated string
     * @throws IllegalArgumentException if string is null or empty
     */