serverAddress: InetSocketAddress,
  ): Future<Handshake> {
    return executorService.submit<Handshake> {
      SocketFactory.getDefault().createSocket().use { rawSocket ->
        rawSocket.connect(serverAddress)
        val sslSocket =
          client.sslSocketFactory().createSocket(
            rawSocket,
            rawSocket.inetAddress.hostAddress,
            rawSocket.port,
            true,

 */
@Deprecated(since = "4.0.0")
public class ReflectionValueExtractor {
    private static final Object[] OBJECT_ARGS = new Object[0];

    /**
     * Use a WeakHashMap here, so the keys (Class objects) can be garbage collected.
     * This approach prevents permgen space overflows due to retention of discarded
     * classloaders.
     */
    private static final Map<Class<?>, WeakReference<ClassMap>> CLASS_MAPS = new WeakHashMap<>();

    @Override
    public LoginCredential getLoginCredential() {
        return LaRequestUtil.getOptionalRequest().map(request -> {
            if (logger.isDebugEnabled()) {
                logger.debug("Logging in with OpenID Connect Authenticator");
            }
            final HttpSession session = request.getSession(false);
            if (session != null) {
                final String sesState = (String) session.getAttribute(OIC_STATE);

* If istio-agent does not find either the socket, or the certificate files in their respective paths it will start its own SDS Server using a `caClient` to connect to istiod or an external CA, to fetch cryptographic materials (See Default CA Flow).

![SDS decision flow](docs/sds-flow.svg)

### Default CA Flow through istio-agent

![CA Flow](docs/ca.svg)

  // +optional
  map<string, string> auditAnnotations = 6;

  // warnings is a list of warning messages to return to the requesting API client.
  // Warning messages describe a problem the client making the API request should correct or be aware of.
  // Limit warnings to 120 characters if possible.
  // Warnings over 256 characters and large numbers of warnings may be truncated.
  // +optional
  repeated string warnings = 7;
}

  // +optional
  map<string, string> auditAnnotations = 6;

  // warnings is a list of warning messages to return to the requesting API client.
  // Warning messages describe a problem the client making the API request should correct or be aware of.
  // Limit warnings to 120 characters if possible.
  // Warnings over 256 characters and large numbers of warnings may be truncated.
  // +optional
  repeated string warnings = 7;
}

Because we can trust it to receive the `username` and `password`, as we control it.

But if you are building an OAuth2 application that others would connect to (i.e., if you are building an authentication provider equivalent to Facebook, Google, GitHub, etc.) you should use one of the other flows.

The most common is the implicit flow.

port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{...

port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{...

port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{...