Following example shows how you can use [`minio-go` PresignedGetObject](https://docs.min.io/community/minio-object-store/developers/go/API.html#presignedgetobject-ctx-context-context-bucketname-objectname-string-expiry-time-duration-reqparams-url-values-url-url-error)
```go
package main

import (
	"context"
	"log"
	"net/url"
	"time"
	"fmt"

	"github.com/minio/minio-go/v7"

	// The maximum allowed time difference between the incoming request
	// date and server date during signature verification.
	globalMaxSkewTime = 15 * time.Minute // 15 minutes skew allowed.

	// GlobalStaleUploadsExpiry - Expiry duration after which the uploads in multipart,
	// tmp directory are deemed stale.
	GlobalStaleUploadsExpiry = time.Hour * 24 // 24 hrs.

		return err
	}

	defaultExpiryDuration, err := GetDefaultExpiration(dsecs)
	if err != nil {
		return err
	}

	claims["exp"] = time.Now().UTC().Add(defaultExpiryDuration).Unix() // update with new expiry.
	return nil
}

const (
	audClaim = "aud"
	azpClaim = "azp"
)

// Validate - validates the id_token.

				failed = true
				batchLogIf(ctx, result.Err)
				continue
			}
			if result.Item.DeleteMarker {
				deleteMarkerCountMap[result.Item.Name]++
			}
			// Apply filter to find the matching rule to apply expiry
			// actions accordingly.
			// nolint:gocritic
			if result.Item.IsLatest {
				var match BatchJobExpireFilter
				var found bool
				for _, rule := range r.Rules {
					if rule.Matches(result.Item, now) {

* Inside the `certs` directory, the private key must by named `private.key` and the public key must be named `public.crt`.
* A certificate signed by a CA contains information about the issued identity (e.g. name, expiry, public key) and any intermediate certificates. The root CA is not included.

## 3. Generate and use Self-signed Keys and Certificates with MinIO

				EventName:  event.ObjectRemovedDelete,
				BucketName: bucket,
				Object: ObjectInfo{
					Name:      dobj.ObjectName,
					VersionID: dobj.VersionID,
				},
				UserAgent: "Internal: [ILM-Expiry]",
				Host:      globalLocalNodeName,
			}
			if errs[i] != nil {
				evArgs.RespElements = map[string]string{

			traceFn(ILMExpiry, nil, nil)
			return false
		}
		// Assume it is still there.
		err := fmt.Errorf("DeleteObject(%s, %s): %w", obj.Bucket, obj.Name, err)
		ilmLogOnceIf(ctx, err, "non-transition-expiry"+obj.Name)
		traceFn(ILMExpiry, nil, err)
		return false
	}
	if dobj.Name == "" {
		dobj = obj
	}

	tags := newLifecycleAuditEvent(src, lcEvent).Tags()
	tags["version-id"] = dobj.VersionID

		if len(meta.LifecycleConfigXML) > 0 {
			var lcCfg lifecycle.Lifecycle
			if err := xml.Unmarshal(meta.LifecycleConfigXML, &lcCfg); err != nil {
				return updatedAt, err
			}
			// find a single expiry rule set the flag
			for _, rl := range lcCfg.Rules {
				if !rl.Expiration.IsNull() || !rl.NoncurrentVersionExpiration.IsNull() {
					expiryRuleRemoved = true
					break
				}
			}
		}

     */
    public void setAcquisitionTimeout(final long acquisitionTimeout) {
        this.acquisitionTimeout = acquisitionTimeout;
    }

    /**
     * Sets the group cache expiry time.
     * @param groupCacheExpiry The cache expiry time in seconds.
     */
    public void setGroupCacheExpiry(final long groupCacheExpiry) {
        this.groupCacheExpiry = groupCacheExpiry;
    }

    /**

}

const (
	minValidityDurationSeconds int = 900
	maxValidityDurationSeconds int = 365 * 24 * 3600
)

// Authenticate authenticates the token with the external hook endpoint and
// returns a parent user, max expiry duration for the authentication and a set
// of claims.
func (o *AuthNPlugin) Authenticate(roleArn arn.ARN, token string) (AuthNResponse, error) {
	if o == nil {
		return AuthNResponse{}, nil
	}