## Respostas Adicionais

Você provavelmente já viu como declarar o `response_model` e `status_code` para uma *operação de rota*.

Isso define os metadados sobre a resposta principal da *operação de rota*.

Você também pode declarar respostas adicionais, com seus modelos, códigos de status, etc.

     * }
     * The {@code Principal} object returned will never be {@code null}
     * however the username can be {@code null} indication anonymous
     * credentials were used (e.g. some IPC$ services).
     */

    /**
     * Returns the principal used for authentication
     *
     * @return the authentication principal
     */
    public Principal getPrincipal() {
        return auth;

	}

	cert, ok := clientKey.(*ssh.Certificate)
	if !ok {
		return errSftpPublicKeyWithoutCert
	}

	// ssh.CheckCert called by ssh.Authenticate accepts certificates
	// with empty principles list so we block those in here.
	if len(cert.ValidPrincipals) == 0 {
		return errSftpCertWithoutPrincipals
	}

	// Verify that certificate provided by user is issued by trusted CA,

	public final fun -deprecated_localCertificates ()Ljava/util/List;
	public final fun -deprecated_localPrincipal ()Ljava/security/Principal;
	public final fun -deprecated_peerCertificates ()Ljava/util/List;
	public final fun -deprecated_peerPrincipal ()Ljava/security/Principal;
	public final fun -deprecated_tlsVersion ()Lokhttp3/TlsVersion;
	public final fun cipherSuite ()Lokhttp3/CipherSuite;

            <signature>
              <groupId>com.toasttab.android</groupId>
              <artifactId>gummy-bears-api-23</artifactId>
              <version>0.12.0</version>
              <!-- TODO(cpovirk): In principle, it would make sense to *also* test compatibility with JDK 1.8, since guava-android also has JRE users. -->
            </signature>
            <ignores>

Em seguida, usamos `hero_db.sqlmodel_update(hero_data)` para atualizar o `hero_db` com os dados de `hero_data`.

{* ../../docs_src/sql_databases/tutorial002_an_py310.py ln[83:93] hl[83:84,88:89] *}

            }

            @Override
            public boolean isUserInRole(String role) {
                return false;
            }

            @Override
            public java.security.Principal getUserPrincipal() {
                return null;
            }

            @Override
            public String getRequestedSessionId() {
                return null;
            }

Esos detalles son específicos de la implementación.

Para OAuth2 son solo strings.

///

## Vista global

Primero, echemos un vistazo rápido a las partes que cambian desde los ejemplos en el **Tutorial - User Guide** principal para [OAuth2 con Password (y hashing), Bearer con tokens JWT](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. Ahora usando scopes de OAuth2:

Where the spec is ambiguous, OkHttp follows modern user agents such as popular Browsers or common HTTP Libraries.

OkHttp is principled and avoids being overly configurable, especially when such configuration is
to workaround a buggy server, test invalid scenarios or that contradict the relevant RFC.

///

## Sub Aplicaciones