Request
        .Builder()
        .url(server.url("/"))
        .method("POST", body.toRequestBody(null))
        .build()
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response = client.newCall(request).execute()
    assertThat(response.code).isEqualTo(200)

}
```

Use the Presigned URL via `curl` to receive the transformed object.
```
curl -v $(go run presigned.go)
...
...

    server.enqueue(
      MockResponse(code = 401),
    )
    server.enqueue(MockResponse())
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response =
      getResponse(
        Request(
          url = server.url("/"),

import javax.security.auth.login.LoginException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSException;

/**
 * JAAS kerberos authenticator
 *
 * Either configure JAAS for credential caching or reuse a single instance of this authenticator -otherwise you won't
 * get proper ticket caching.
 *
 * Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs/Realm.

	scope := getScope(date, region)
	credential := fmt.Sprintf("%s/%s", accessKeyID, scope)

	// Set URL query.
	query := req.URL.Query()
	query.Set("X-Amz-Algorithm", signV4Algorithm)
	query.Set("X-Amz-Date", date.Format(iso8601Format))
	query.Set("X-Amz-Expires", strconv.FormatInt(expires, 10))
	query.Set("X-Amz-SignedHeaders", "host")
	query.Set("X-Amz-Credential", credential)

}
```

These credentials can now be used to perform MinIO API operations, these credentials automatically expire in 1hr. To understand more about credential expiry duration and client grants STS API read further [here](https://github.com/minio/minio/blob/master/docs/sts/client-grants.md).

## Explore Further

	// Not allowed to add a user with same access key as root credential
	if accessKey == globalActiveCred.AccessKey {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
		return
	}

	user, exists := globalIAMSys.GetUser(ctx, accessKey)
	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
		// Updating STS credential is not allowed, and this API does not

	"$expires":                 true,
	"$key":                     true,
	"$success_action_redirect": true,
	"$redirect":                true,
	"$success_action_status":   true,
	"$x-amz-algorithm":         false,
	"$x-amz-credential":        false,
	"$x-amz-date":              false,
	"$tagging":                 false,
}

// Add policy conditionals.
const (
	policyCondEqual         = "eq"
	policyCondStartsWith    = "starts-with"

    @Test
    public void test_maskSensitiveValue_withCredential() {
        assertEquals("********", SystemUtil.maskSensitiveValue("GOOGLE_CREDENTIALS", "{}"));
        assertEquals("********", SystemUtil.maskSensitiveValue("credential", "user:pass"));
    }

    @Test
    public void test_maskSensitiveValue_withAuth() {
        assertEquals("********", SystemUtil.maskSensitiveValue("BASIC_AUTH", "dXNlcjpwYXNz"));

	AmzAlgorithm            = "X-Amz-Algorithm"
	AmzExpires              = "X-Amz-Expires"
	AmzSignedHeaders        = "X-Amz-SignedHeaders"
	AmzSignature            = "X-Amz-Signature"
	AmzCredential           = "X-Amz-Credential"
	AmzSecurityToken        = "X-Amz-Security-Token"
	AmzDecodedContentLength = "X-Amz-Decoded-Content-Length"
	AmzTrailer              = "X-Amz-Trailer"
	AmzMaxParts             = "X-Amz-Max-Parts"