return &credentials.WebIdentityToken{
					Token: r.Form.Get("id_token"),
				}, nil
			}
		} else {
			getWebTokenExpiry = func() (*credentials.WebIdentityToken, error) {
				oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
				if err != nil {
					return nil, err
				}
				if !oauth2Token.Valid() {
					return nil, errors.New("invalid token")
				}

				return &credentials.WebIdentityToken{

        }
    }

    /**
     * SSO metadata endpoint.
     *
     * This method handles requests for SSO metadata, typically used by SAML or
     * other SSO protocols that require metadata exchange. The actual metadata
     * content is generated by the configured SSO authenticator.
     *
     * @return ActionResponse containing the SSO metadata or error page
     */
    @Execute

        byte[] salt = preauthService.generatePreauthSalt();

        preauthService.initializeSession(sessionId, salt, PreauthIntegrityService.HASH_ALGO_SHA512);

        // Simulate message exchange
        preauthService.updatePreauthHash(sessionId, "Message1".getBytes());
        preauthService.updatePreauthHash(sessionId, "Message2".getBytes());

sftp>
```

## Advanced options

### Change default FTP port

Default port '8021' can be changed via

```
--ftp="address=:3021"
```

### Change FTP passive port range

By default FTP requests OS to give a free port automatically, however you may want to restrict

OkHttp
======

See the [project website][okhttp] for documentation and APIs.

HTTP is the way modern applications network. It’s how we exchange data & media. Doing HTTP
efficiently makes your stuff load faster and saves bandwidth.

OkHttp is an HTTP client that’s efficient by default:

 * HTTP/2 support allows all requests to the same host to share a socket.
 * Connection pooling reduces request latency (if HTTP/2 isn’t available).

	// code, which we now have in `lastReq`. Exchange it for a JWT id_token.
	q := lastReq.URL.Query()
	// fmt.Printf("lastReq.URL: %#v q: %#v\n", lastReq.URL, q)
	code := q.Get("code")
	oauth2Token, err := oauth2Config.Exchange(ctx, code)
	if err != nil {
		return "", fmt.Errorf("unable to exchange code for id token: %v", err)
	}

import okhttp3.tls.internal.TlsUtil.newKeyManager
import okhttp3.tls.internal.TlsUtil.newTrustManager

/**
 * Certificates to identify which peers to trust and also to earn the trust of those peers in kind.
 * Client and server exchange these certificates during the handshake phase of a TLS connection.
 *
 * ### Server Authentication
 *
 * This is the most common form of TLS authentication: clients verify that servers are trusted and

                        || !msg2.getFlag(NtlmFlags.NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY))) {
                    throw new SmbUnsupportedOperationException("Server does not support extended NTLMv2 key exchange");
                }

                if (!msg2.getFlag(NtlmFlags.NTLMSSP_NEGOTIATE_128)) {
                    throw new SmbUnsupportedOperationException("Server does not support 128-bit keys");
                }

  the Program with a statement that the Source Code for the Program
  is available under this Agreement, and informs Recipients how to
  obtain it in a reasonable manner on or through a medium customarily
  used for software exchange; and

  b) the Contributor may Distribute the Program under a license
  different than this Agreement, provided that such license:
     i) effectively disclaims on behalf of all other Contributors all

      val socket = MockWebServerSocket(raw)
      while (true) {
        val socketStillGood = processOneRequest(socket)

        // Clean up after the last exchange on a socket.
        if (!socketStillGood) {
          raw.close()
          openClientSockets.remove(raw)
          return false
        }