* Gets the server path with access token for API requests.
     *
     * @return the complete server path including the access token
     * @throws FessSystemException if no access token is available
     */
    public String getServerPath() {
        return getSessionManager().getAttribute(Constants.SEARCH_ENGINE_API_ACCESS_TOKEN, String.class)
                .map(token -> ADMIN_SERVER + token)

    private static SpnegoToken getToken(final byte[] token, final int off, final int len) throws SpnegoException {
        byte[] b = new byte[len];
        if (off == 0 && token.length == len) {
            b = token;
        } else {
            System.arraycopy(token, off, b, 0, len);
        }
        return getToken(b);
    }

    private static SpnegoToken getToken(final byte[] token) throws SpnegoException {

    /**
     * The role for this action.
     */
    public static final String ROLE = "admin-accesstoken";

    /**
     * The token parameter.
     */
    public static final String TOKEN = "token";

    /**
     * The expires parameter.
     */
    public static final String EXPIRES = "expires";

    /**
     * The expired time parameter.
     */

	defer r.closeRespFn(resp.Body)
	if resp.StatusCode != http.StatusOK {
		return errors.New(resp.Status)
	}

	return r.pubKeys.parseAndAdd(resp.Body)
}

// ErrTokenExpired - error token expired
var (
	ErrTokenExpired = errors.New("token expired")
)

func updateClaimsExpiry(dsecs string, claims map[string]any) error {
	expStr := claims["exp"]
	if expStr == "" {
		return ErrTokenExpired
	}

from fastapi import FastAPI, File, Form, UploadFile

app = FastAPI()


@app.post("/files/")
async def create_file(
    file: bytes = File(), fileb: UploadFile = File(), token: str = Form()
):
    return {
        "file_size": len(file),
        "token": token,
        "fileb_content_type": fileb.content_type,

from fastapi import Depends, FastAPI, Header, HTTPException


async def verify_token(x_token: str = Header()):
    if x_token != "fake-super-secret-token":
        raise HTTPException(status_code=400, detail="X-Token header invalid")


async def verify_key(x_key: str = Header()):
    if x_key != "fake-super-secret-key":
        raise HTTPException(status_code=400, detail="X-Key header invalid")
    return x_key

## API Request Parameters

### Token

The OAuth 2.0 access token that is provided by the identity provider. Application must get this token by authenticating the application using client credential grants before the application makes an AssumeRoleWithClientGrants call.

        SpnegoContext ctx = newContext();

        // The initial token path should ask the mechanism for a zero-length optimistic token
        when(this.mechContext.getFlags()).thenReturn(0x1234);
        when(this.mechContext.initSecContext(any(byte[].class), eq(0), eq(0))).thenReturn(new byte[] { 0x01, 0x02 });

        // Act: len==0 triggers initial token construction
        byte[] out = ctx.initSecContext(null, 0, 0);

        SMBUtil.writeInt2(this.token != null ? this.token.length : 0, dst, dstIndex);
        dstIndex += 2;
        SMBUtil.writeInt8(this.previousSessionId, dst, dstIndex);
        dstIndex += 8;
        SMBUtil.writeInt2(dstIndex - getHeaderStart(), dst, offsetOffset);

        dstIndex += pad8(dstIndex);

        if (this.token != null) {
            System.arraycopy(this.token, 0, dst, dstIndex, this.token.length);

    /**
     * Constructs KerberosRelevantAuthData from token bytes.
     *
     * @param token the authorization data token
     * @param keys map of Kerberos keys indexed by key type
     * @throws PACDecodingException if decoding fails
     */
    public KerberosRelevantAuthData(byte[] token, Map<Integer, KerberosKey> keys) throws PACDecodingException {
        ASN1Sequence authSequence;