}
			value, ok := nv[http.CanonicalHeaderKey(key)]
			if ok {
				m[key] = strings.Join(value, ",")
				break
			}
		}
	}
	return nil
}

// Returns access credentials in the request Authorization header.
func getReqAccessCred(r *http.Request, region string) (cred auth.Credentials) {
	cred, _, _ = getReqAccessKeyV4(r, region, serviceS3)
	if cred.AccessKey == "" {
		cred, _, _ = getReqAccessKeyV2(r)
	}

* The `rbac.authorization.k8s.io/v1beta1` API has been promoted to `rbac.authorization.k8s.io/v1` with no changes. ([#49642](https://github.com/kubernetes/kubernetes/pull/49642), [@liggitt](https://github.com/liggitt))
    * The `rbac.authorization.k8s.io/v1alpha1` version is deprecated and will be removed in a future release.

<a href="https://www.permit.io/blog/implement-authorization-in-fastapi?utm_source=github&utm_medium=referral&utm_campaign=fastapi" target="_blank" title="Fine-Grained Authorization for FastAPI"><img src="https://fastapi.tiangolo.com/img/sponsors/permit.png"></a>

			Type:        "url",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         target.WebhookAuthToken,
			Description: "opaque string or JWT authorization token",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         target.WebhookQueueDir,
			Description: queueDirComment,

     */
    @Test
    public void testFilterWithHeaderUpdatesClient() {
        final Client mockNewClient = mock(Client.class);
        final Map<String, String> headers = new HashMap<>();
        headers.put("Authorization", "Bearer token");

        when(mockClient.filterWithHeader(headers)).thenReturn(mockNewClient);

        final Client result = fesenClient.filterWithHeader(headers);

    @Size(max = 1000)
    public String oicClientId;

    /** OpenID Connect client secret. */
    @Size(max = 1000)
    public String oicClientSecret;

    /** OpenID Connect authorization server URL. */
    @Size(max = 1000)
    public String oicAuthServerUrl;

    /** OpenID Connect token server URL. */
    @Size(max = 1000)
    public String oicTokenServerUrl;

                    maskedHeader = "***";
                } else {
                    maskedHeader = authzHeader.substring(0, 10) + "***";
                }
                final String msg = "Failed to process Authorization Header: " + maskedHeader;
                if (logger.isDebugEnabled()) {
                    logger.debug(msg);
                }
                throw new SsoLoginException(e.getMessage() + " " + msg, e);

		apiErr.Description = fmt.Sprintf("%s (%s)", apiErr.Description, err)
	}
	if region := globalSite.Region(); region != "" {
		if errCode == ErrAuthorizationHeaderMalformed {
			apiErr.Description = fmt.Sprintf("The authorization header is malformed; the region is wrong; expecting '%s'.", region)
			return apiErr
		}
	}
	return apiErr
}

func (e errorCodeMap) ToAPIErr(errCode APIErrorCode) APIError {

- All resources within the `rbac.authorization.k8s.io/v1alpha1` and `rbac.authorization.k8s.io/v1beta1` API groups are deprecated in favor of `rbac.authorization.k8s.io/v1`, and will no longer be served in v1.20. ([#84758](https://github.com/kubernetes/kubernetes/pull/84758), [@liggitt](https://github.com/liggitt))

當我們登入自己的應用（可能也有自己的前端）時，這是合適的。

因為我們可以信任它接收 `username` 與 `password`，因為我們掌控它。

但如果你要打造一個讓他人連接的 OAuth2 應用（也就是你要建立一個相當於 Facebook、Google、GitHub 等的身分驗證提供者），你應該使用其他流程之一。

最常見的是 Implicit Flow（隱式流程）。

最安全的是 Authorization Code Flow（授權碼流程），但它需要更多步驟、實作也更複雜。因為較複雜，許多提供者最後會建議使用隱式流程。

/// note

很常見的是，每個身分驗證提供者會用不同的方式命名他們的流程，讓它成為品牌的一部分。

但最終，他們實作的都是相同的 OAuth2 標準。

///