* HTTP Digest, usw.
* `oauth2`: Alle OAuth2-Methoden zum Umgang mit Sicherheit (genannt „Flows“).
    * Mehrere dieser Flows eignen sich zum Aufbau eines OAuth 2.0-Authentifizierungsanbieters (wie Google, Facebook, X (Twitter), GitHub usw.):
        * `implicit`
        * `clientCredentials`
        * `authorizationCode`

    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, X (Twitter), GitHub, etc):
        * `implicit`
        * `clientCredentials`
        * `authorizationCode`
    * But there is one specific "flow" that can be perfectly used for handling authentication in the same application directly:

The most common is the implicit flow.

The most secure is the code flow, but it's more complex to implement as it requires more steps. As it is more complex, many providers end up suggesting the implicit flow.

/// note

It's common that each authentication provider names their flows in a different way, to make it part of their brand.

    * ویژگی HTTP Digest و غیره.
* شیوه `oauth2`: تمام روش‌های OAuth2 برای مدیریت امنیت (به نام "flows").
    * چندین از این flows برای ساخت یک ارائه‌دهنده احراز هویت OAuth 2.0 مناسب هستند (مانند گوگل، فیسبوک، توییتر، گیت‌هاب و غیره):
        * ویژگی `implicit`
        * ویژگی `clientCredentials`
        * ویژگی `authorizationCode`
    * اما یک "flow" خاص وجود دارد که می‌تواند به طور کامل برای مدیریت احراز هویت در همان برنامه به کار رود:

Am häufigsten ist der „Implicit“-Flow.

Am sichersten ist der „Code“-Flow, die Implementierung ist jedoch komplexer, da mehr Schritte erforderlich sind. Da er komplexer ist, schlagen viele Anbieter letztendlich den „Implicit“-Flow vor.

/// note | Hinweis

It can be used by third party applications and systems.

And it can also be used by yourself, to debug, check and test the same application.

## The `password` flow { #the-password-flow }

Now let's go back a bit and understand what is all that.

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.

 * application-specific data to provide context when invoking session methods.</p>
 *
 * <p>This trace information is particularly useful for:</p>
 * <ul>
 *   <li>Debugging and troubleshooting request flows</li>
 *   <li>Audit logging of session operations</li>
 *   <li>Performance monitoring of nested operations</li>
 * </ul>
 *

 *   <li>Project directory structures</li>
 * </ul>
 *
 * <p>Requests can optionally carry trace information through {@link RequestTrace} to support:
 * <ul>
 *   <li>Debugging and troubleshooting of request flows</li>
 *   <li>Audit logging of operations</li>
 *   <li>Performance monitoring of nested operations</li>
 * </ul>
 *
 * <p>This interface is designed to be extended by specific request types that handle

    * Базовая аутентификация по протоколу HTTP.
    * HTTP Digest и т.д.
* `oauth2`: все способы обеспечения безопасности OAuth2 называемые "потоки" (англ. "flows").
    * Некоторые из этих "потоков" подходят для реализации аутентификации через сторонний сервис использующий OAuth 2.0 (например, Google, Facebook, X (Twitter), GitHub и т.д.):
        * `implicit`
        * `clientCredentials`

import org.lastaflute.web.response.ActionResponse;
import org.lastaflute.web.response.HtmlResponse;

/**
 * SSO (Single Sign-On) action controller.
 *
 * This action handles SSO authentication flows including login, logout, and metadata
 * operations. It coordinates with the SsoManager to perform authentication using
 * configured SSO providers and handles various authentication scenarios including