## Introduction

MinIO provides a custom STS API that allows authentication with client X.509 / TLS certificates.

A major advantage of certificate-based authentication compared to other STS authentication methods, like OpenID Connect or LDAP/AD, is that client authentication works without any additional/external component that must be constantly available. Therefore, certificate-based authentication may provide better availability / lower operational complexity.

 *
 * ### Server Authentication
 *
 * This is the most common form of TLS authentication: clients verify that servers are trusted and
 * that they own the hostnames that they represent. Server authentication is required.
 *
 * To perform server authentication:
 *
 *  * The server's handshake certificates must have a [held certificate][HeldCertificate] (a

syntax = "proto2";

package k8s.io.api.authentication.v1alpha1;

import "k8s.io/api/authentication/v1/generated.proto";
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "k8s.io/api/authentication/v1alpha1";

    * authentication).
    */
    public static final int NTLMSSP_TARGET_TYPE_SHARE = 0x00040000;

    /**
    * Indicates that the NTLM2 signing and sealing scheme should be used
    * for protecting authenticated communications.  This refers to a
    * particular session security scheme, and is not related to the use
    * of NTLMv2 authentication.
    */ 

     * @since 3.0-beta-1
     */
    boolean isProjectAware();

    /**
     * @param authentication authentication
     * @since 3.0-alpha-3
     */
    void setAuthentication(Authentication authentication);

    /**
     * @return repository authentication
     * @since 3.0-alpha-3
     */
    Authentication getAuthentication();

    /**
     * @param proxy proxy
     * @since 3.0-alpha-3

    * A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, Twitter, GitHub, etc):

                available, instead of erroring out, the dependency result will be
                `None`.

                This is useful when you want to have optional authentication.

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, in a query
                parameter or in an HTTP Bearer token).
                """
            ),

     * This is used in the negotation of local authentication.
     */
    public static final int NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED = 0x00001000;

    /**
     * Indicates whether the OEM-formatted workstation name is supplied
     * in the Type-1 message. This is used in the negotiation of local
     * authentication.
     */

            }
        }
    }

    private Authentication getAuthentication(AuthenticationSelector selector, ArtifactRepository repository) {
        if (selector != null) {
            RemoteRepository repo = RepositoryUtils.toRepo(repository);
            org.eclipse.aether.repository.Authentication auth = selector.getAuthentication(repo);
            if (auth != null) {

connect(repository.Repository) throws ConnectionException, authentication.AuthenticationExcept; public abstract void connect(repository.Repository, proxy.ProxyInfo) throws ConnectionException, authentication.AuthenticationExcept; public abstract void connect(repository.Repository, authentication.AuthenticationInfo) throws ConnectionException, authentication.AuthenticationExcept; public abstract void connect(repository.Repository, authentication.AuthenticationInfo, proxy.ProxyInfo) throws ConnectionException,...