defer ts.Close()

	// Make the certificate of the helper server available to the authenticator
	caBundle := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE",
		Bytes: ts.Certificate().Raw,
	})
	caContent, err := dynamiccertificates.NewStaticCAContent("oidc-authenticator", caBundle)
	if err != nil {
		t.Fatalf("initialize ca: %v", err)
	}
	c.options.CAContentProvider = caContent

	flagset.StringVar(&o.AuthPluginName, "auth-plugin-name", o.AuthPluginName,
		fmt.Sprintf("Authenticator plug-in name. --auth-type=%v must be set with this option",
			RemoteSecretAuthTypePlugin))
	flagset.StringToString("auth-plugin-config", o.AuthPluginConfig,
		fmt.Sprintf("Authenticator plug-in configuration. --auth-type=%v must be set with this option",
			RemoteSecretAuthTypePlugin))
	flagset.Var(&o.Type, "type",

	socks5Server := func(creds *socks5.StaticCredentials, interceptor *Interceptor) *socks5.Server {
		var conf *socks5.Config
		if creds != nil {
			authenticator := socks5.UserPassAuthenticator{Credentials: creds}
			conf = &socks5.Config{
				AuthMethods: []socks5.Authenticator{authenticator},
				Rewriter:    interceptor,
			}
		} else {
			conf = &socks5.Config{Rewriter: interceptor}
		}

		ts, err := socks5.New(conf)

        .authenticator(authenticator)
        .build()
    executeSynchronously("/")
      .assertCode(401)
    assertThat(authenticator.onlyRoute()).isNotNull()
  }

  @Test
  fun delete() {
    server.enqueue(MockResponse(body = "abc"))
    val request =
      Request.Builder()
        .url(server.url("/"))
        .delete()
        .build()
    executeSynchronously(request)

      ),
    )
    server.enqueue(MockResponse(body = "ABC"))
    val latch = CountDownLatch(1)
    val responses: BlockingQueue<String?> = SynchronousQueue()
    val authenticator =
      okhttp3.Authenticator { route: Route?, response: Response? ->
        responses.offer(response!!.body.string())
        try {
          latch.await()
        } catch (e: InterruptedException) {

      }
    }
    ```

 *  New: `MediaType.parameter()` gets a parameter like `boundary` from a media type like
    `multipart/mixed; boundary="abc"`.

 *  New: `Authenticator.JAVA_NET_AUTHENTICATOR` forwards authentication requests to
    `java.net.Authenticator`. This obsoletes `JavaNetAuthenticator` in the `okhttp-urlconnection`
    module.

 *  New: `CertificatePinner` now offers an API for inspecting the configured pins.

	// handlers that we have.
	return []controlplaneapiserver.RESTStorageProvider{
		legacyRESTStorageProvider,
		apiserverinternalrest.StorageProvider{},
		authenticationrest.RESTStorageProvider{Authenticator: c.ControlPlane.Generic.Authentication.Authenticator, APIAudiences: c.ControlPlane.Generic.Authentication.APIAudiences},

	"github.com/spf13/pflag"

	utilerrors "k8s.io/apimachinery/pkg/util/errors"
	"k8s.io/apimachinery/pkg/util/wait"
	"k8s.io/apiserver/pkg/apis/apiserver"
	"k8s.io/apiserver/pkg/authentication/authenticator"
	"k8s.io/apiserver/pkg/authentication/authenticatorfactory"
	"k8s.io/apiserver/pkg/authentication/request/headerrequest"
	"k8s.io/apiserver/pkg/features"
	apiserveroptions "k8s.io/apiserver/pkg/server/options"

    public LoginCredential getLoginCredential() {
        return LaRequestUtil.getOptionalRequest().map(request -> {
            if (logger.isDebugEnabled()) {
                logger.debug("Logging in with OpenID Connect Authenticator");
            }
            final HttpSession session = request.getSession(false);
            if (session != null) {
                final String sesState = (String) session.getAttribute(OIC_STATE);

   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */
  open fun isOneShot(): Boolean = commonIsOneShot()