data = {}
        data["scopes"] = []
        for scope in form_data.scopes:
            data["scopes"].append(scope)
        if form_data.client_id:
            data["client_id"] = form_data.client_id
        if form_data.client_secret:
            data["client_secret"] = form_data.client_secret
        return data
    ```

./mc ready myminio
./mc mb myminio/test-bucket
./mc cp /etc/hosts myminio/test-bucket

./mc idp openid add myminio \
	config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

func (target *MQTTTarget) initMQTT() error {
	args := target.args

	// Using hex here, to make sure we avoid 23
	// character limit on client_id according to
	// MQTT spec.
	clientID := fmt.Sprintf("%x", time.Now().UnixNano())

	options := mqtt.NewClientOptions().
		SetClientID(clientID).
		SetCleanSession(true).
		SetUsername(args.User).
		SetPassword(args.Password).
		SetMaxReconnectInterval(args.MaxReconnectInterval).

/// tip

Oauth2️⃣ 🔌 🤙 *🚚* 🏑 `grant_type` ⏮️ 🔧 💲 `password`, ✋️ `OAuth2PasswordRequestForm` 🚫 🛠️ ⚫️.

🚥 👆 💪 🛠️ ⚫️, ⚙️ `OAuth2PasswordRequestFormStrict` ↩️ `OAuth2PasswordRequestForm`.

///

* 📦 `client_id` (👥 🚫 💪 ⚫️ 👆 🖼).
* 📦 `client_secret` (👥 🚫 💪 ⚫️ 👆 🖼).

/// info

`OAuth2PasswordRequestForm` 🚫 🎁 🎓 **FastAPI** `OAuth2PasswordBearer`.

	}

	if err = r.updateUserinfoClaims(ctx, arn, accessToken, mclaims); err != nil {
		return err
	}

	// Validate that matching clientID appears in the aud or azp claims.

	// REQUIRED. Audience(s) that this ID Token is intended for.
	// It MUST contain the OAuth 2.0 client_id of the Relying Party
	// as an audience value. It MAY also contain identifiers for
	// other audiences. In the general case, the aud value is an

                .setGrantType("authorization_code")//
                .setRedirectUri(getOicRedirectUrl())//
                .set("client_id", getOicClientId())//
                .set("client_secret", getOicClientSecret())//
                .execute();
    }

    protected String getOicClientSecret() {

If you need to enforce it, use `OAuth2PasswordRequestFormStrict` instead of `OAuth2PasswordRequestForm`.

///

* An optional `client_id` (we don't need it for our example).
* An optional `client_secret` (we don't need it for our example).

/// info

The `OAuth2PasswordRequestForm` is not a special class for **FastAPI** as is `OAuth2PasswordBearer`.

Wenn Sie es erzwingen müssen, verwenden Sie `OAuth2PasswordRequestFormStrict` anstelle von `OAuth2PasswordRequestForm`.

///

* Eine optionale `client_id` (benötigen wir für unser Beispiel nicht).
* Ein optionales `client_secret` (benötigen wir für unser Beispiel nicht).

/// info

/// tip | "提示"

实际上，OAuth2 规范*要求* `grant_type` 字段使用固定值 `password`，但 `OAuth2PasswordRequestForm` 没有作强制约束。

如需强制使用固定值 `password`，则不要用 `OAuth2PasswordRequestForm`，而是用 `OAuth2PasswordRequestFormStrict`。

///

* 可选的 `client_id`（本例未使用）
* 可选的 `client_secret`（本例未使用）

/// info | "说明"

`OAuth2PasswordRequestForm` 与 `OAuth2PasswordBearer` 一样，都不是 FastAPI 的特殊类。

**FastAPI** 把 `OAuth2PasswordBearer` 识别为安全方案。因此，可以通过这种方式把它添加至 OpenAPI。

/// 팁

OAuth2 사양은 실제로 `password`라는 고정 값이 있는 `grant_type` 필드를 *요구*하지만 `OAuth2PasswordRequestForm`은 이를 강요하지 않습니다.

사용해야 한다면 `OAuth2PasswordRequestForm` 대신 `OAuth2PasswordRequestFormStrict`를 사용하면 됩니다.

///

* `client_id`(선택적으로 사용) (예제에서는 필요하지 않습니다).
* `client_secret`(선택적으로 사용) (예제에서는 필요하지 않습니다).

/// 정보

`OAuth2PasswordRequestForm`은 `OAuth2PasswordBearer`와 같이 **FastAPI**에 대한 특수 클래스가 아닙니다.