// request, including temporary credentials that can be used to make
// MinIO API requests.
type AssumeRoleResult struct {
	// The identifiers for the temporary security credentials that the operation
	// returns.
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.

import (
	"bytes"
	"testing"

	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/auth"
)

func TestDecryptData(t *testing.T) {
	cred1 := auth.Credentials{
		AccessKey: "minio",
		SecretKey: "minio123",
	}

	cred2 := auth.Credentials{
		AccessKey: "minio",
		SecretKey: "minio1234",
	}

	data := []byte(`config data`)
	edata1, err := madmin.EncryptData(cred1.String(), data)
	if err != nil {

import jcifs.CIFSContext;
import jcifs.Configuration;
import jcifs.Credentials;
import jcifs.SmbTransportPool;
import jcifs.internal.dfs.DfsReferralDataInternal;

class DfsImplTest {

    private DfsImpl dfsImpl;
    private CIFSContext mockContext;
    private Configuration mockConfig;
    private Credentials mockCredentials;
    private SmbTransportPool mockTransportPool;

    @BeforeEach

** Note **
Previously, site replication required the root credentials of peer sites to be identical. This is no longer necessary because STS tokens are now signed with the site replicator service account credentials, thus allowing flexibility in the independent management of root accounts across sites and the ability to disable root accounts eventually.

		}
	} else {
		// Temporary credentials are not allowed.
		if ui.Credentials.IsTemp() {
			return nil, errAuthentication
		}
		if subtle.ConstantTimeCompare([]byte(ui.Credentials.SecretKey), pass) != 1 {
			return nil, errAuthentication
		}
	}

	copts := map[string]string{
		"AccessKey": ui.Credentials.AccessKey,
		"SecretKey": ui.Credentials.SecretKey,
	}
	if ui.Credentials.IsTemp() {

     */
    public JAASAuthenticator(String serviceName) {
        super(null);
        this.serviceName = serviceName;
    }

    /**
     * Create an authenticator using the given JAAS service and the specified credentials
     *
     * @param serviceName
     *            JAAS configuration name
     * @param domain the domain for authentication
     * @param username the username for authentication

        @Override
        public CredentialsInternal renew() {
            // Returns itself as the renewed credentials
            return this;
        }
    }

    static class NewRenewingCreds extends BaseCreds {
        @Override
        public CredentialsInternal renew() {
            // Returns a distinct, new credentials instance
            return new NewRenewingCreds();
        }
    }

package jcifs.smb;

/**
 * Interface for renewable SMB credentials.
 *
 * This interface defines methods for credentials that can be
 * automatically renewed during long-running operations.
 *
 * @author mbechler
 */
public interface SmbRenewableCredentials extends CredentialsInternal {

    /**
     * Renew the credentials
     *
     * @return the renewed credentials
     */
    CredentialsInternal renew();

 *
 * ```java
 * if (response.request().header("Authorization") != null) {
 *   return null; // Give up, we've already failed to authenticate.
 * }
 *
 * String credential = Credentials.basic(...)
 * return response.request().newBuilder()
 *     .header("Authorization", credential)
 *     .build();
 * ```
 *
 * When reactive authentication is requested by a proxy server, the response code is 407 and the

⤴️ 👥 💪 ⚙️ `secrets.compare_digest()` 🚚 👈 `credentials.username` `"stanleyjobson"`, & 👈 `credentials.password` `"swordfish"`.

{* ../../docs_src/security/tutorial007.py hl[1,11:21] *}

👉 🔜 🎏:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```