tokStarted = true;
                        tokBuf.append(tok.trim());
                        break;
                }
            }

            // Handle case where end of token stream and
            // still got data
            if ((!exit) && (tokStarted)) {
                retVal = tokBuf.toString();
            }
        }

        return optional ? "?" + retVal : retVal;

By default this plugin uses HTTP 1.x. To enable HTTP2 use the `MINIO_POLICY_PLUGIN_ENABLE_HTTP2` environment variable.

## Request and Response

MinIO will make a `POST` request with a JSON body to the given plugin URL. If the auth token parameter is set, it will be sent as an authorization header.

The JSON body structure can be seen from this sample:

<details><summary>Request Body Sample</summary>

```json
{
  "input": {

const DefaultSkewTime = 15 * time.Minute

// validateStorageRequestToken will validate the token against the provided audience.
func validateStorageRequestToken(token string) error {
	claims := xjwt.NewStandardClaims()
	if err := xjwt.ParseWithStandardClaims(token, claims, []byte(globalActiveCred.SecretKey)); err != nil {
		return errAuthentication
	}

        val request = HttpRequest.newBuilder()
            .uri(URI(uri))
            .apply {
                if (githubToken.isPresent) {
                    header("Authorization", "token ${githubToken.get()}")
                }
            }
            .build()
        val response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString())
        if (response.statusCode() > 399) {

pkg errors, func AsType[$0 error](error) ($0, bool) #51945
pkg go/ast, func ParseDirective(token.Pos, string) (Directive, bool) #68021
pkg go/ast, method (*Directive) End() token.Pos #68021
pkg go/ast, method (*Directive) ParseArgs() ([]DirectiveArg, error) #68021
pkg go/ast, method (*Directive) Pos() token.Pos #68021
pkg go/ast, type BasicLit struct, ValueEnd token.Pos #76031
pkg go/ast, type Directive struct #68021

                        tokStarted = true;
                        tokBuf.append(tok.trim());
                        break;
                }
            }

            // Handle case where end of token stream and
            // still got data
            if ((!exit) && (tokStarted)) {
                retVal = tokBuf.toString();
            }
        }

        return optional ? "?" + retVal : retVal;

//
//   notify:
//     endpoint: https://notify.endpoint # notification endpoint to receive job completion status
//     token: Bearer xxxxx # optional authentication token for the notification endpoint
//
//   retry:
//     attempts: 10 # number of retries for the job before giving up
//     delay: 500ms # least amount of delay between each retry

			Type:        "url",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         target.WebhookAuthToken,
			Description: "opaque string or JWT authorization token",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         target.WebhookQueueDir,
			Description: queueDirComment,
			Optional:    true,

        final PagingList<KuromojiItem> itemList = kuromojiFile.selectList(0, 5);
        for (int i = 0; i < itemList.size(); i++) {
            final KuromojiItem kuromojiItem = itemList.get(i);
            assertEquals("token" + (i + 1), kuromojiItem.getToken());
            assertEquals("seg" + (i + 1), kuromojiItem.getSegmentation());
            assertEquals("reading" + (i + 1), kuromojiItem.getReading());

    * A query parameter.
    * A header.
    * A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").