*
   * @throws ExecutionException if a checked exception was thrown while loading the value
   * @throws UncheckedExecutionException if an unchecked exception was thrown while loading the
   *     value
   * @throws ExecutionError if an error was thrown while loading the value
   * @since 11.0
   */
  @CanIgnoreReturnValue // TODO(b/27479612): consider removing this

* and the application doesn't have any authentication, it expects that any request from the same network can be trusted.

## Example Attack { #example-attack }

Imagine you build a way to run a local AI agent.

It provides an API at

```
http://localhost:8000/v1/agents/multivac
```

There's also a frontend at

```
http://localhost:8000
```

/// tip

 * {@code char} value. An additional safe range is provided that determines whether {@code char}
 * values without specific replacements are to be considered safe and left unescaped or should be
 * escaped in a general way.
 *
 * <p>A good example of usage of this class is for Java source code escaping where the replacement
 * array contains information about special ASCII characters such as {@code \\t} and {@code \\n}

   * {@link #peek()} methods on this instance; if it does, an {@code IllegalStateException} will
   * result.
   *
   * @return the next element if there was one. If {@code endOfData} was called during execution,
   *     the return value will be ignored.
   * @throws RuntimeException if any unrecoverable error happens. This exception will propagate

   * match "*.com" or similar. This was a nonstandard check that we've since dropped. It is the CA's
   * responsibility to not hand out certificates that match so broadly.
   */
  @Test fun wildcardsDoesNotNeedTwoDots() {
    // openssl req -x509 -nodes -days 36500 -subj '/CN=*.com' -newkey rsa:512 -out cert.pem
    val session =
      session(
        """

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.

And the spec says that the fields have to be named like that. So `user-name` or `email` wouldn't work.

But don't worry, you can show it as you wish to your final users in the frontend.

And your database models can use any other names you want.

                if (error != null) {
                    throw new TransferFailedException("Failure to resolve " + remotePath + " from "
                            + repository.getUrl()
                            + " was cached in the local repository. "
                            + "Resolution will not be reattempted until the update interval of "

    * If you are comparing Starlette, compare it against Sanic, Flask, Django, etc. Web frameworks (or microframeworks).
* **FastAPI**:
    * The same way that Starlette uses Uvicorn and cannot be faster than it, **FastAPI** uses Starlette, so it cannot be faster than it.

			// As parameters are already validated, we skip checking
			// if the config param was found.
			val, _, _ := s.ResolveConfigParam(config.IdentityOpenIDSubSys, cfgName, cfgParam, false)
			return val
		}

		// In the past, when only one openID provider was allowed, there
		// was no `enable` parameter - the configuration is turned off
		// by clearing the values. With multiple providers, we support

{* ../../docs_src/security/tutorial004_an_py310.py hl[121:136] *}

### Technical details about the JWT "subject" `sub` { #technical-details-about-the-jwt-subject-sub }

The JWT specification says that there's a key `sub`, with the subject of the token.

It's optional to use it, but that's where you would put the user's identification, so we are using it here.