</AssumeRoleWithCertificateResponse>
```

## Authentication Flow

A client can request temp. S3 credentials via the STS API. It can authenticate via a client certificate and obtain a access/secret key pair as well as a session token. These credentials are associated to an S3 policy at the MinIO server.

            result.setParameterName(DfTypeUtil.toString(source.get("parameter_name")));
            result.setPermissions(toStringArray(source.get("permissions")));
            result.setToken(DfTypeUtil.toString(source.get("token")));
            result.setUpdatedBy(DfTypeUtil.toString(source.get("updatedBy")));
            result.setUpdatedTime(DfTypeUtil.toLong(source.get("updatedTime")));
            return updateEntity(source, result);

		go func(inbound chan []byte) {
			wg.Wait()
			defer xioutil.SafeClose(handlerIn)
			m.handleInbound(c, inbound, handlerIn)
		}(m.inbound)
	}
	// Fill outbound block.
	// Each token represents a message that can be sent to the client without blocking.
	// The client will refill the tokens as they confirm delivery of the messages.
	for range outboundCap {
		m.outBlock <- struct{}{}
	}

Sie verfügt über eine `GET`-Operation, die einen Fehler zurückgeben könnte.

Sie verfügt über eine `POST`-Operation, die mehrere Fehler zurückgeben könnte.

Beide *Pfadoperationen* erfordern einen `X-Token`-Header.

{* ../../docs_src/app_testing/app_b_an_py310/main.py *}

### Erweiterte Testdatei { #extended-testing-file }

Anschließend könnten Sie `test_main.py` mit den erweiterten Tests aktualisieren:

It has a `GET` operation that could return an error.

It has a `POST` operation that could return several errors.

Both *path operations* require an `X-Token` header.

{* ../../docs_src/app_testing/app_b_an_py310/main.py *}

### Extended testing file { #extended-testing-file }

You could then update `test_main.py` with the extended tests:

Він має `GET`-операцію, яка може повертати помилку.

Він має `POST`-операцію, яка може повертати кілька помилок.

Обидві операції шляху вимагають заголовок `X-Token`.

//// tab | Python 3.10+

```Python
{!> ../../docs_src/app_testing/app_b_an_py310/main.py!}
```

////

//// tab | Python 3.9+

```Python

}

// UnmarshalXML - decodes XML data.
func (f *Filter) UnmarshalXML(d *xml.Decoder, start xml.StartElement) (err error) {
	f.set = true
	for {
		// Read tokens from the XML document in a stream.
		t, err := d.Token()
		if err != nil {
			if err == io.EOF {
				break
			}
			return err
		}

		if se, ok := t.(xml.StartElement); ok {
			switch se.Name.Local {
			case "Prefix":
				var p Prefix

        byte[] type1Token = context.initSecContext(new byte[0], 0, 0);

        assertNotNull(type1Token);
        assertTrue(type1Token.length > 0);

        // Decode the token to verify its properties
        Type1Message type1Message = new Type1Message(type1Token);
        // Type1Message ORs default flags with provided flags; ensure expected bits are present

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(buf))
	if err != nil {
		return err
	}

	if token != "" {
		req.Header.Set("Authorization", token)
	}
	req.Header.Set("Content-Type", "application/json")

	clnt := http.Client{Transport: getRemoteInstanceTransport()}
	resp, err := clnt.Do(req)
	if err != nil {
		return err
	}

	xhttp.DrainBody(resp.Body)

- On finding at least one associated policy, MinIO generates temporary credentials for the user storing the list of groups in a cryptographically secure session token. The temporary access key, secret key and session token are returned to the user.
- The user can now use these credentials to make requests to the MinIO server.