* The `username`.
* The `password`.
* An optional `scope` field as a big string, composed of strings separated by spaces.
* An optional `grant_type`.

!!! tip
    The OAuth2 spec actually *requires* a field `grant_type` with a fixed value of `password`, but `OAuth2PasswordRequestForm` doesn't enforce it.

Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of...

		// net.ip is implicitly convertible to netip as slice
		ip, _ := netip.AddrFromSlice(configuredPodIPs.Address.IP)
		// We ignore the mask of the IPNet - it's fine if the IPNet defines
		// a block grant of addresses, we just need one for checking routes.
		podIps = append(podIps, ip)
	}
	// Note that we use the IP info from the CNI plugin here - the Pod struct as reported by K8S doesn't have this info

    ```

`OAuth2PasswordRequestForm` 🎓 🔗 👈 📣 📨 💪 ⏮️:

*  `username`.
*  `password`.
* 📦 `scope` 🏑 🦏 🎻, ✍ 🎻 🎏 🚀.
* 📦 `grant_type`.

!!! tip
    Oauth2️⃣ 🔌 🤙 *🚚* 🏑 `grant_type` ⏮️ 🔧 💲 `password`, ✋️ `OAuth2PasswordRequestForm` 🚫 🛠️ ⚫️.

    🚥 👆 💪 🛠️ ⚫️, ⚙️ `OAuth2PasswordRequestFormStrict` ↩️ `OAuth2PasswordRequestForm`.

* 📦 `client_id` (👥 🚫 💪 ⚫️ 👆 🖼).

| Params        | Value                                          |
| :--           | :--                                            |

		reply = true
	} else if reply = locksHeld != WriteLock; reply { // Unless there is a write lock
		l.lockMap[args.Resources[0]] = locksHeld + ReadLock // Grant another read lock
	}
	return reply, nil
}

func (l *lockServer) RUnlock(args *LockArgs) (reply bool, err error) {
	if d := atomic.LoadInt64(&l.responseDelay); d != 0 {
		time.Sleep(time.Duration(d))
	}

| Params        | Value                                          |
| :--           | :--                                            |

			// version or alter its lock settings unless they have special
			// permissions. With governance mode, you protect objects against
			// being deleted by most users, but you can still grant some users
			// permission to alter the retention settings or delete the object
			// if necessary. You can also use governance mode to test retention-period
			// settings before creating a compliance-mode retention period.

After that, you will be able to obtain an id_token for the Admin REST API using client_id and client_secret:

```
curl \
  -d "client_id=<YOUR_CLIENT_ID>" \
  -d "client_secret=<YOUR_CLIENT_SECRET>" \
  -d "grant_type=client_credentials" \
  "http://localhost:8080/auth/realms/{realm}/protocol/openid-connect/token"
```

  repeated string items = 1;
}

// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
// checking.
message LocalSubjectAccessReview {
  // Standard list metadata.