responses += response
    routes += route
    if (!schemeMatches(response) || credential == null) return null
    val header =
      when (response.code) {
        407 -> "Proxy-Authorization"
        else -> "Authorization"
      }
    return response.request
      .newBuilder()
      .addHeader(header, credential)
      .build()
  }

  private fun schemeMatches(response: Response): Boolean {

 * and the implementation should respond with a new request that sets the "Authorization" header.
 *
 * ```java
 * if (response.request().header("Authorization") != null) {
 *   return null; // Give up, we've already failed to authenticate.
 * }
 *
 * String credential = Credentials.basic(...)
 * return response.request().newBuilder()
 *     .header("Authorization", credential)
 *     .build();
 * ```
 *

        .add("content-length", "99")
        .add("authorization", "peanutbutter")
        .add("proxy-authorization", "chocolate")
        .add("cookie", "drink=coffee")
        .add("set-cookie", "accessory=sugar")
        .add("user-agent", "OkHttp")
        .build()
    assertThat(headers.toString()).isEqualTo(
      """
      |content-length: 99
      |authorization: ██
      |proxy-authorization: ██
      |cookie: ██

        req.addHeader("Authorization", "Bearer " + token);
        assertEquals(token, accessTokenHelper.getAccessTokenFromRequest(req));
    }

    public void test_getAccessTokenFromRequest_ok1() {
        final String token = accessTokenHelper.generateAccessToken();
        MockletHttpServletRequest req = getMockRequest();
        req.addHeader("Authorization", token);

        }).orElse(null);
    }

    /**
     * Gets the authorization URL for OpenID Connect.
     *
     * @param request the HTTP servlet request
     * @return the authorization URL
     */
    protected String getAuthUrl(final HttpServletRequest request) {
        final String state = UuidUtil.create();

            url.toUrl(),
            Authenticator.RequestorType.SERVER,
          )
        }

      if (auth != null) {
        val credentialHeader = if (proxyAuthorization) "Proxy-Authorization" else "Authorization"
        val credential =
          Credentials.basic(
            auth.userName,
            String(auth.password),
            challenge.charset,
          )
        return request

public final class Authenticate {
  private final OkHttpClient client;

  public Authenticate() {
    client = new OkHttpClient.Builder()
        .authenticator((route, response) -> {
          if (response.request().header("Authorization") != null) {
            return null; // Give up, we've already attempted to authenticate.
          }

          System.out.println("Authenticating for response: " + response);

  }

  @Test
  fun requestToStringRedactsSensitiveHeaders() {
    val headers =
      Headers
        .Builder()
        .add("content-length", "99")
        .add("authorization", "peanutbutter")
        .add("proxy-authorization", "chocolate")
        .add("cookie", "drink=coffee")
        .add("set-cookie", "accessory=sugar")
        .add("user-agent", "OkHttp")
        .build()
    val request =

  }

  @Test
  fun requestToStringRedactsSensitiveHeaders() {
    val headers =
      Headers
        .Builder()
        .add("content-length", "99")
        .add("authorization", "peanutbutter")
        .add("proxy-authorization", "chocolate")
        .add("cookie", "drink=coffee")
        .add("set-cookie", "accessory=sugar")
        .add("user-agent", "OkHttp")
        .build()
    val request =

 */
package org.codelibs.fess.exception;

/**
 * Exception thrown when an invalid access token is encountered.
 * This exception is typically used in authentication and authorization contexts
 * where a provided access token is invalid, expired, or malformed.
 */
public class InvalidAccessTokenException extends FessSystemException {

    /** Serial version UID for serialization */