for ((key, value) in authParams) {
      val newKey = key?.lowercase(US)
      newAuthParams[newKey] = value
    }
    this.authParams = newAuthParams.unmodifiable()
  }

  /** Returns a copy of this charset that expects a credential encoded with [charset]. */
  fun withCharset(charset: Charset): Challenge {
    val authParams = this.authParams.toMutableMap()
    authParams["charset"] = charset.name()
    return Challenge(scheme, authParams)

  --initial-cluster-state new
```

You may also setup etcd with TLS following this documentation [here](https://coreos.com/etcd/docs/latest/op-guide/security.html)

### 3. Setup MinIO with etcd

MinIO server expects environment variable for etcd as `MINIO_ETCD_ENDPOINTS`, this environment variable takes many comma separated entries.

```
export MINIO_ETCD_ENDPOINTS=http://localhost:2379
minio server /data
```

## REST API call to plugin

To verify the custom token presented in the `AssumeRoleWithCustomToken` API, MinIO makes a POST request to the configured identity management plugin endpoint and expects a response with some details as shown below:

### Request `POST` to plugin endpoint

Query parameters:

| Parameter Name | Value Type | Purpose                                                                 |

	u1 := *GetUser("create", Config{})

	if results := DB.Create(&u1); results.Error != nil {
		t.Fatalf("errors happened when create: %v", results.Error)
	} else if results.RowsAffected != 1 {
		t.Fatalf("rows affected expects: %v, got %v", 1, results.RowsAffected)
	}

	if u1.ID == 0 {
		t.Errorf("user's primary key should has value after create, got : %v", u1.ID)
	}

	if u1.CreatedAt.IsZero() {

# HTTP Basic Auth { #http-basic-auth }

For the simplest cases, you can use HTTP Basic Auth.

In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

        testCoverage: TestCoverage,
        parallelization: (Int) -> ParallelizationMethod,
    ): List<SmallSubprojectBucket> {
        // splitIntoBuckets() method expects us to split large element into N elements,
        // but we want to have a single bucket with N batches.
        // As a workaround, we repeat the bucket N times, and deduplicate the result at the end

  )

  fun toDer(value: T): ByteString {
    val buffer = Buffer()
    val writer = DerWriter(buffer)
    toDer(writer, value)
    return buffer.readByteString()
  }

  /**
   * Returns an adapter that expects this value wrapped by another value. Typically this occurs
   * when a value has both a context or application tag and a universal tag.
   *
   * Use this for EXPLICIT tag types:
   *
   * ```
   * [5] EXPLICIT UTF8String

    /**
     * Returns a filter for directories that may contain paths accepted by the given matcher.
     * The given path matcher should be an instance created by this service.
     * The path matcher returned by this method expects directory paths.
     * If that matcher returns {@code false}, then the directory will definitively not contain
     * the paths selected by the matcher given in argument to this method.

		funcs = reflect.ValueOf(v).Elem().FieldByName("fns")
	)

	for i := 0; i < funcs.Len(); i++ {
		got = append(got, getFuncName(funcs.Index(i)))
	}

	return fmt.Sprint(got) == fmt.Sprint(fnames), fmt.Sprintf("expects %v, got %v", fnames, got)
}

func getFuncName(fc interface{}) string {
	reflectValue, ok := fc.(reflect.Value)
	if !ok {
		reflectValue = reflect.ValueOf(fc)
	}

   * writing.
   *
   * [grpc]: https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md
   */
  open fun isDuplex(): Boolean = false

  /**
   * Returns true if this body expects at most one call to [writeTo] and can be transmitted
   * at most once. This is typically used when writing the request body is destructive and it is not
   * possible to recreate the request body after it has been sent.
   *