*/
    @Resource
    protected MessageManager messageManager;

    /**
     * Service for managing API access tokens including validation and authentication.
     * Used to verify token-based authentication for API requests.
     */
    @Resource
    protected AccessTokenService accessTokenService;

    /**

        while (true) {
            final MyToken token = que.poll();
            if (token == null) {
                return null;
            }
            if (prev == null || !prev.identical(token)) {
                return token;
            }
        }
    }

    void consultDictionary() throws IOException {
        if (synonymMap == null) {

            throw new SsoLoginException("could not validate nonce", e);
        }
    }

    /**
     * Obtains an access token using a refresh token.
     * @param refreshToken The refresh token to use for token acquisition.
     * @return The authentication result containing the access token.
     */
    public IAuthenticationResult getAccessToken(final String refreshToken) {

<img src="/img/tutorial/security/image11.png">

## Token JWT com escopos

Agora, modifique o *caminho de rota* para retornar os escopos solicitados.

Nós ainda estamos utilizando o mesmo `OAuth2PasswordRequestForm`. Ele inclui a propriedade `scopes` com uma `list` de `str`, com cada escopo que ele recebeu na requisição.

E nós retornamos os escopos como parte do token JWT.

/// danger | Cuidado

	}

	owner := TokenOwner{
		Name:  "user",
		Token: Token{Content: "token"},
	}
	o1, err := saveTokenOwner(&owner)
	if err != nil {
		t.Errorf("failed to save token owner, got error: %v", err)
	}
	if o1.Name != "user_name" {
		t.Errorf(`owner name should be "user_name", but got: "%s"`, o1.Name)
	}
	if o1.Token.Content != "token_encrypted" {

        int byteCountValue = 16 + 10; // guid + token
        setByteCount(response, byteCountValue);
        byte[] buffer = new byte[byteCountValue];
        byte[] guid = new byte[16];
        for (int i = 0; i < 16; i++) {
            guid[i] = (byte) i;
        }
        System.arraycopy(guid, 0, buffer, 0, 16);
        byte[] token = new byte[10];
        for (int i = 0; i < 10; i++) {

	if err != nil {
		log.Fatalf("Failed to generate OIDC token: %v", err)
	}

	roleARN := os.Getenv("ROLE_ARN")
	webID := cr.STSWebIdentity{
		Client:      &http.Client{},
		STSEndpoint: endpoint,
		GetWebIDTokenExpiry: func() (*cr.WebIdentityToken, error) {
			return &cr.WebIdentityToken{
				Token: oidcToken,
			}, nil
		},
		RoleARN: roleARN,
	}

	value, err := webID.Retrieve()

<img src="/img/tutorial/security/image11.png">

## Token JWT con scopes

Ahora, modifica la *path operation* del token para devolver los scopes solicitados.

Todavía estamos usando el mismo `OAuth2PasswordRequestForm`. Incluye una propiedad `scopes` con una `list` de `str`, con cada scope que recibió en el request.

Y devolvemos los scopes como parte del token JWT.

/// danger | Peligro

#   wrapper_version - The Gradle version to update the wrapper to
# 
# Environment variables:
#   DEFAULT_BRANCH  - The default branch to create the pull request on (e.g. "master"/"release")
#   GITHUB_TOKEN    - GitHub bot token
#   TRIGGERED_BY    - Optional. If it's "Release - Final", version will be from version-info-final-release/version-info.properties

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

/// danger