<img src="/img/tutorial/security/image10.png">

/// note | Nota

Observa el header `Authorization`, con un valor que comienza con `Bearer `.

///

## Uso avanzado con `scopes`

OAuth2 tiene la noción de "scopes".

Puedes usarlos para agregar un conjunto específico de permisos a un token JWT.

public class WriteReplaceOverridesTest extends TestCase {
  private static final ImmutableSet<String> GUAVA_PACKAGES =
      FluentIterable.of(
              "base",
              "cache",
              "collect",
              "escape",
              "eventbus",
              "graph",
              "hash",
              "html",
              "io",
              "math",
              "net",
              "primitives",

  /**
   * Creates an {@code ImmutableMapEntry} array to hold parameterized entries. The result must never
   * be upcast back to ImmutableMapEntry[] (or Object[], etc.), or allowed to escape the class.
   *
   * <p>The returned array has all its elements set to their initial null values. However, we don't
   * declare it as {@code @Nullable ImmutableMapEntry[]} because our checker doesn't require newly

     */
    void attachArtifact(@Nonnull Project project, @Nonnull ProducedArtifact artifact, @Nonnull Path path);

    /**
     * {@return all source root directories}, including the disabled ones, for all languages and scopes.
     * For listing only the {@linkplain SourceRoot#enabled() enabled} source roots,
     * the following code can be used:
     *
     * <pre>{@literal
     * List<SourceRoot> enabledRoots = project.getSourceRoots()

/// note | Техническая информация
Обратите внимание на заголовок `Authorization`, значение которого начинается с `Bearer`.
///

## Продвинутое использование `scopes`

В OAuth2 существует понятие "диапазоны" ("`scopes`").

С их помощью можно добавить определенный набор разрешений к JWT-токену.

Die Instanz der Klassenabhängigkeit `OAuth2PasswordRequestForm` verfügt, statt eines Attributs `scope` mit dem durch Leerzeichen getrennten langen String, über das Attribut `scopes` mit einer tatsächlichen Liste von Strings, einem für jeden gesendeten Scope.

In diesem Beispiel verwenden wir keine `scopes`, aber die Funktionalität ist vorhanden, wenn Sie sie benötigen.

///

/// tip | Consejo

La instance de la clase de dependencia `OAuth2PasswordRequestForm` no tendrá un atributo `scope` con el string largo separado por espacios, en su lugar, tendrá un atributo `scopes` con la lista real de strings para cada scope enviado.

No estamos usando `scopes` en este ejemplo, pero la funcionalidad está ahí si la necesitas.

///

Ahora, obtén los datos del usuario desde la base de datos (falsa), usando el `username` del campo del form.

Votre saisie est plus courte que ",notConfirmed:"Les saisies ne sont pas identiques",badDomain:"Vous avez saisi un domaine incorrect",badUrl:"Vous avez saisi une URL incorrecte",badCustomVal:"Re-saisissez une réponse correcte",andSpaces:" et des espaces ",badInt:"Vous n'avez pas saisi un numéro",badSecurityNumber:"Vous avez saisi un mauvais numéro de sécurité sociale",badUKVatAnswer:"Vous n'avez pas saisi un numéro de TVA au Royaume-Uni",badStrength:"Vous avez saisi un mot de passe pas assez séc...

/// tip

The instance of the dependency class `OAuth2PasswordRequestForm` won't have an attribute `scope` with the long string separated by spaces, instead, it will have a `scopes` attribute with the actual list of strings for each scope sent.

We are not using `scopes` in this example, but the functionality is there if you need it.

///

Now, get the user data from the (fake) database, using the `username` from the form field.

./mc cp /etc/hosts myminio/test-bucket

./mc idp openid add myminio \
	config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json
./mc ready myminio