* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

Nevertheless, you might have a very specific use case where you really need to disable the API docs for some environment (e.g. for production) or depending on configurations from environment variables.

	var names1 []string
	DB.Model(&User{}).Where("name like ?", "distinct%").Distinct().Order("name").Pluck("Name", &names1)

	AssertEqual(t, names1, []string{"distinct", "distinct-2", "distinct-3"})

	var names2 []string
	DB.Scopes(func(db *gorm.DB) *gorm.DB {
		return db.Table("users")
	}).Where("name like ?", "distinct%").Order("name").Pluck("name", &names2)
	AssertEqual(t, names2, []string{"distinct", "distinct", "distinct", "distinct-2", "distinct-3"})

 * <p>
 * This interface allows plugins and extensions to define and register additional project scopes
 * beyond the standard {@link ProjectScope#MAIN} and {@link ProjectScope#TEST} scopes.
 * Implementations of this interface will be discovered through the Java ServiceLoader mechanism
 * and their provided project scopes will be available throughout the Maven build process.
 * <p>
 * Example usage:
 * <pre>

MINIO_IDENTITY_OPENID_CLAIM_NAME            (string)    JWT canned policy claim name (default: 'policy')
MINIO_IDENTITY_OPENID_SCOPES                (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"

import org.apache.maven.lifecycle.mapping.LifecycleMojo;
import org.apache.maven.lifecycle.mapping.LifecyclePhase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * TODO: this is session scoped as SPI can contribute.
 */
@Named
@Singleton
public class DefaultPackagingRegistry
        extends ExtensibleEnumRegistries.DefaultExtensibleEnumRegistry<Packaging, PackagingProvider>

claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"
comment       (sentence)  optionally add a comment to this setting
```

and ENV based options

```

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         Scopes,
			Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"` + defaultHelpPostfix(Scopes),
			Optional:    true,
			Type:        "csv",
		},
		config.HelpKV{
			Key:         Vendor,

 * This interface allows plugins and extensions to define and register additional path scopes
 * beyond the standard ones provided by Maven. Path scopes define how dependencies are used
 * in different contexts, such as compilation, testing, or runtime.
 * <p>
 * Implementations of this interface will be discovered through the Java ServiceLoader mechanism
 * and their provided path scopes will be available throughout the Maven build process.
 * <p>
 * Example usage:

	if !ok || len(args) != 2 {
		t.Fatalf("Preload expected with args, got %v", tx.Statement.Preloads)
	}

	// Scopes: just ensure calling Scopes doesn't panic and returns a DB
	tx = tx.Scopes(func(d *gorm.DB) *gorm.DB { return d.Where("status = ?", "ok") })
	if tx == nil {
		t.Fatalf("Scopes returned nil")
	}

	// Unscoped
	tx = tx.Unscoped()
	if !tx.Statement.Unscoped {

# Security Tools

When you need to declare dependencies with OAuth2 scopes you use `Security()`.

But you still need to define what is the dependable, the callable that you pass as a parameter to `Depends()` or `Security()`.

There are multiple tools that you can use to create those dependables, and they get integrated into OpenAPI so they are shown in the automatic docs UI, they can be used by automatically generated clients and SDKs, etc.