The id_token received is a signed JSON Web Token (JWT). Use a JWT decoder to decode the id_token to access the payload of the token that includes following JWT claims, `policy` claim is mandatory and should be present as part of your JWT claim. Without this claim the generated credentials will not have access to any resources on the server, using these credentials application would receive 'Access Denied' errors.

        bool((must, should, mustNot, filter) -> {
            filteredLambda.callback(must, filter);
        }, opLambda);
    }

    public void not(OperatorCall<RoleCQ> notLambda) {
        not(notLambda, null);
    }

    public void not(final OperatorCall<RoleCQ> notLambda, final ConditionOptionCall<BoolQueryBuilder> opLambda) {

                }
              });
          executionThread.start();
        }
      };

  @Override
  protected final void tearDown() {
    tearDownStack.runTearDown();
    assertWithMessage("exceptions should not be propagated to uncaught exception handlers")
        .that(thrownByExecutionThread)
        .isNull();
  }

  public void testServiceStartStop() throws Exception {

    assertFalse(fakePool.hasNext());
    e.execute(intCounter);
    // A task should have been scheduled
    assertTrue(fakePool.hasNext());
    e.execute(intCounter);
    // Our executor hasn't run any tasks yet.
    assertEquals(0, totalCalls.get());
    fakePool.runAll();
    assertEquals(2, totalCalls.get());
    // Queue is empty so no runner should be scheduled.
    assertFalse(fakePool.hasNext());

 * as a cental repository for all jCIFS configuration properties. It cannot be
 * instantiated. Similar to <code>System</code> properties the namespace
 * is global therefore property names should be unique. Before use,
 * the <code>load</code> method should be called with the name of a
 * <code>Properties</code> file (or <code>null</code> indicating no
 * file) to initialize the <code>Config</code>. The <code>System</code>

 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

     */
    @CustomSize(maxKey = "form.admin.max.input.size")
    public String permissions;

    /**
     * The parameter name for the access token.
     * This field specifies how the token should be passed in API requests.
     * Maximum length is 10000 characters.
     */
    @Size(max = 10000)
    public String parameterName;

    /**
     * The expiration date and time for the access token.

  public void testRemoveAtIndex_last() {
    runRemoveTest(getNumElements() - 1);
  }

  private void runRemoveTest(int index) {
    assertEquals(
        Platform.format("remove(%d) should return the element at index %d", index, index),
        getList().get(index),
        getList().remove(index));
    List<E> expected = copyToList(createSamplesArray());
    expected.remove(index);

import okhttp3.mockwebserver.RecordedRequest;
import okio.ByteString;

/**
 * Runs a MockWebServer on localhost and uses it as the backend to receive an OAuth session.
 *
 * <p>Clients should call {@link #start}, {@link #newAuthorizeUrl} and {@link #close} in that order.
 * Clients may request multiple sessions.
 */
public final class OAuthSessionFactory extends Dispatcher implements Closeable {