time="2020-07-12T20:45:50Z" level=info msg="config signing keys expire after: 3h0m0s"
time="2020-07-12T20:45:50Z" level=info msg="config id tokens valid for: 3h0m0s"
time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
```

### Configure MinIO server with Dex

```
~ export MINIO_IDENTITY_OPENID_CLAIM_NAME=name

			Key:         apiStaleUploadsExpiry,
			Description: `set to expire stale multipart uploads older than this values` + defaultHelpPostfix(apiStaleUploadsExpiry),
			Optional:    true,
			Type:        "duration",
		},
		config.HelpKV{
			Key:         apiStaleUploadsCleanupInterval,
			Description: `set to change intervals when stale multipart uploads are expired` + defaultHelpPostfix(apiStaleUploadsCleanupInterval),
			Optional:    true,

    val pool = routePlanner.pool

    // Add a connection to the pool that won't expire for a while
    routePlanner.defaultConnectionIdleAtNanos = expireLater
    setPolicy(pool, address, ConnectionPool.AddressPolicy(1))
    assertThat(pool.connectionCount()).isEqualTo(1)

    // All other connections created will expire sooner
    routePlanner.defaultConnectionIdleAtNanos = expireSooner

	if err != nil {
		return err
	}

	if days < 0 {
		return errTransitionInvalidDays
	}
	*tDays = TransitionDays(days)

	return nil
}

// MarshalXML encodes number of days to expire if it is non-zero and
// encodes empty string otherwise
func (tDays TransitionDays) MarshalXML(e *xml.Encoder, startElement xml.StartElement) error {
	return e.EncodeElement(int(tDays), startElement)
}

  /**
   * Returns the time that this cookie expires, in the same format as [System.currentTimeMillis].
   * This is December 31, 9999 if the cookie is not [persistent], in which case it will expire at the
   * end of the current session.
   *
   * This may return a value less than the current time, in which case the cookie is already
   * expired. Webservers may return expired cookies as a mechanism to delete previously set cookies

pkg syscall (openbsd-386), type FdSet struct, Bits [32]int32
pkg syscall (openbsd-386), type Kevent_t struct, Data int32
pkg syscall (openbsd-386), type Mclpool struct, Grown uint32
pkg syscall (openbsd-386), type RtMetrics struct, Expire uint32
pkg syscall (openbsd-386), type Stat_t struct, Ino uint32
pkg syscall (openbsd-386), type Stat_t struct, Lspare0 int32
pkg syscall (openbsd-386), type Stat_t struct, Lspare1 int32

    * A "token" is just a string with some content that we can use later to verify this user.
    * Normally, a token is set to expire after some time.
        * So, the user will have to log in again at some point later.
        * And if the token is stolen, the risk is less. It is not like a permanent key that will work forever (in most of the cases).

}
```

These credentials can now be used to perform MinIO API operations, these credentials automatically expire in 1hr. To understand more about credential expiry duration and client grants STS API read further [here](https://github.com/minio/minio/blob/master/docs/sts/client-grants.md).

## Explore Further

- [MinIO STS Quickstart Guide](https://min.io/docs/minio/linux/developers/security-token-service.html)

		ongoing: false,
		expiry:  expiry.UTC(),
	}
}

// String returns x-amz-restore compatible representation of r.
func (r restoreObjStatus) String() string {
	if r.Ongoing() {
		return `ongoing-request="true"`
	}
	return fmt.Sprintf(`ongoing-request="false", expiry-date="%s"`, r.expiry.Format(http.TimeFormat))
}

// Expiry returns expiry of restored object and true if restore-object has completed.

Clients might rely on the platform certificates and servers might use a private
organization-specific certificate authority.

By default `HeldCertificate` instances expire after 24 hours. Use `duration()` to adjust.

By default server certificates need to identify which hostnames they're trusted for. You may add as