if strings.Contains(o.FilterPrefix, slashSeparator) {
		// Sanity check, should not happen.
		o.FilterPrefix = ""
	}
}

// filter will apply the options and return the number of objects requested by the limit.
// Will return io.EOF if there are no more entries with the same filter.
// The last entry can be used as a marker to resume the listing.

        // Then
        assertNull(type3.getDomain());
        assertNull(type3.getUser());
        assertNull(type3.getWorkstation());
    }

    @Test
    @DisplayName("Should generate session key when requested")
    void testSessionKeyGeneration() throws Exception {
        // Given
        Type2Message type2 = createMockType2Message();
        int flags = NtlmFlags.NTLMSSP_NEGOTIATE_NTLM | NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH

    }

    /**
     * Adds a search log to the queue.
     *
     * @param params The search request parameters.
     * @param requestedTime The time the search was requested.
     * @param queryId The ID of the search query.
     * @param query The search query.
     * @param pageStart The starting page number.
     * @param pageSize The size of the page.

export MINIO_IDENTITY_OPENID_CONFIG_URL=https://accounts.google.com/.well-known/openid-configuration
export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
# Optional: Allow to specify the requested OpenID scopes (OpenID only requires the `openid` scope)
#export MINIO_IDENTITY_OPENID_SCOPES="openid,profile,email"
minio server /mnt/export
```

or using `mc`

```

     *
     * SPNEGO authentication typically doesn't require special response handling
     * for metadata or logout operations, so this method returns null.
     *
     * @param responseType The type of SSO response requested
     * @return Always returns null for SPNEGO authentication
     */
    @Override
    public ActionResponse getResponse(final SsoResponseType responseType) {
        return null;
    }

    /**

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

For active-active replication, automatic failover occurs on `GET/HEAD` operations if object or object version requested qualifies for replication and is missing on one site, but present on the other. This allows the applications to take full advantage of two-way replication even before the two sites get fully synced.

		writeErrorResponseHeadersOnly(w, toAPIError(ctx, err))
		return
	}

	// s3zip does not allow ranges.
	w.Header().Del(xhttp.AcceptRanges)

	// Set any additional requested response headers.
	setHeadGetRespHeaders(w, r.Form)

	// Successful response.
	w.WriteHeader(http.StatusOK)
}

	cred := globalActiveCred
	if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
		t.Fatalf("Unable to initialized new signed http request %s", err)
	}
	return req
}

// Tests is requested authenticated function, tests replies for s3 errors.
func TestIsReqAuthenticated(t *testing.T) {
	ctx, cancel := context.WithCancel(GlobalContext)
	defer cancel()

	objLayer, fsDir, err := prepareFS(ctx)

            return lastAccessTime;
        }
    }

    /**
     * Request a lease for a file path
     *
     * @param path file path
     * @param requestedState requested lease state
     * @return lease key for the request
     */
    public Smb2LeaseKey requestLease(String path, int requestedState) {
        lock.writeLock().lock();
        try {