// test whether the hash values have different output bits
        diff |= hash1 ^ hash2;

        count++;
        // check whether we've exceeded the probabilistically
        // likely number of trials to have proven no funneling
        if (count > maxCount) {
          Assert.fail(
              "input bit("
                  + i
                  + ") was found not to affect all "
                  + hashBits

<img src="/img/tutorial/security/image11.png">

## Token JWT con scopes

Ahora, modifica la *path operation* del token para devolver los scopes solicitados.

Todavía estamos usando el mismo `OAuth2PasswordRequestForm`. Incluye una propiedad `scopes` con una `list` de `str`, con cada scope que recibió en el request.

Y devolvemos los scopes como parte del token JWT.

/// danger | Peligro

substr(0,b.length-7),this.municipalities)>-1)},errorMessage:"",errorMessageKey:"badCustomVal",municipalities:["ale","alingsås","alvesta","aneby","arboga","arjeplog","arvidsjaur","arvika","askersund","avesta","bengtsfors","berg","bjurholm","bjuv","boden","bollebygd","bollnäs","borgholm","borlänge","borås","botkyrka","boxholm","bromölla","bräcke","burlöv","båstad","dals-ed","danderyd","degerfors","dorotea","eda","ekerö","eksjö","emmaboda","enköpings","eskilstuna","eslövs","essunga","fagersta","fal...

        };
    assertCrc(0xd9963a56, scsiReadCommand);
  }

  // Known values from http://www.evanjones.ca/crc32c.html
  public void testSomeOtherKnownValues() {
    assertCrc(0x22620404, "The quick brown fox jumps over the lazy dog".getBytes(UTF_8));
    assertCrc(0xE3069283, "123456789".getBytes(UTF_8));
    assertCrc(0xf3dbd4fe, "1234567890".getBytes(UTF_8));
    assertCrc(0xBFE92A83, "23456789".getBytes(UTF_8));
  }

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

/// danger

    }

    public void setToken_Terms(ConditionOptionCall<TermsAggregationBuilder> opLambda) {
        setToken_Terms("token", opLambda, null);
    }

    public void setToken_Terms(ConditionOptionCall<TermsAggregationBuilder> opLambda, OperatorCall<BsAccessTokenCA> aggsLambda) {
        setToken_Terms("token", opLambda, aggsLambda);
    }

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Get the user { #get-the-user }

`get_current_user` will use a (fake) utility function we created, that takes a token as a `str` and returns our Pydantic `User` model:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27]...

                            state = 0;
                            break;
                        }

                        try {
                            token = nctx.initSecContext(token, 0, token.length);
                        } catch (final SmbException se) {
                            /* We must close the transport or the server will be expecting a

	  #     value: "image/*" # match objects with 'content-type', with all values starting with 'image/'

	notify:
	  endpoint: "https://notify.endpoint" # notification endpoint to receive job status events
	  token: "Bearer xxxxx" # optional authentication token for the notification endpoint

	retry:
	  attempts: 10 # number of retries for the job before giving up
	  delay: "500ms" # least amount of delay between each retry
```