As the `get_current_active_user` dependency has as a sub-dependency on `get_current_user`, the scope `"me"` declared at `get_current_active_user` will be included in the list of required scopes in the `security_scopes.scopes` passed to `get_current_user`.

The *path operation* itself also declares a scope, `"items"`, so this will also be in the list of `security_scopes.scopes` passed to `get_current_user`.

			<version>${utflute.version}</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.mockito</groupId>
			<artifactId>mockito-core</artifactId>
			<version>5.14.2</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.eclipse.jetty</groupId>
			<artifactId>jetty-server</artifactId>
			<version>12.0.32</version>
			<scope>test</scope>
		</dependency>
		<dependency>

			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.codelibs.opensearch</groupId>
			<artifactId>opensearch-runner</artifactId>
			<version>${opensearch.runner.version}</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>${junit.version}</version>
			<scope>test</scope>
		</dependency>

由於現在宣告了這些 scopes，當你登入／授權時，它們會出現在 API 文件中。

你可以選擇要授予哪些 scopes 存取權：`me` 與 `items`。

這與你使用 Facebook、Google、GitHub 等登入時所授與權限的機制相同：

<img src="/img/tutorial/security/image11.png">

## 內含 scopes 的 JWT token { #jwt-token-with-scopes }

現在，修改 token 的路徑操作以回傳所請求的 scopes。

我們仍然使用相同的 `OAuth2PasswordRequestForm`。它包含屬性 `scopes`，其為 `list` 的 `str`，列出請求中收到的每個 scope。

並且我們將這些 scopes 作為 JWT token 的一部分回傳。

/// danger

			<version>12.0.32</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.eclipse.jetty.ee10</groupId>
			<artifactId>jetty-ee10-servlet</artifactId>
			<version>12.0.16</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-simple</artifactId>
			<version>${slf4j.version}</version>
			<scope>test</scope>
		</dependency>

        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        scope: str = payload.get("scope", "")
        token_scopes = scope.split(" ")
        token_data = TokenData(scopes=token_scopes, username=username)
    except (InvalidTokenError, ValidationError):
        raise credentials_exception

    }

    /**
     * Retrieves the authentication scope associated with this authentication.
     *
     * @return the {@link AuthScope} object representing the authentication scope.
     */
    public AuthScope getAuthScope() {
        return authScope;
    }

    /**
     * Sets the authentication scope.
     *
     * @param authScope the authentication scope to set
     */

    }

    /**
     * Retrieves the authentication scope associated with this authentication.
     *
     * @return the {@link AuthScope} object representing the authentication scope.
     */
    public AuthScope getAuthScope() {
        return authScope;
    }

    /**
     * Sets the authentication scope.
     *
     * @param authScope the authentication scope to set
     */

        username = payload.get("sub")
        if username is None:
            raise credentials_exception
        scope: str = payload.get("scope", "")
        token_scopes = scope.split(" ")
        token_data = TokenData(scopes=token_scopes, username=username)
    except (InvalidTokenError, ValidationError):
        raise credentials_exception

            <version>${teamcity.dsl.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.jetbrains.teamcity</groupId>
            <artifactId>configs-dsl-kotlin-latest</artifactId>
            <version>${teamcity.dsl.version}</version>
            <scope>compile</scope>
        </dependency>
        <dependency>