* `apiKey`: una clave específica de la aplicación que puede provenir de:
  * Un parámetro de query.
  * Un header.
  * Una cookie.
* `http`: sistemas de autenticación HTTP estándar, incluyendo:
  * `bearer`: un header `Authorization` con un valor de `Bearer ` más un token. Esto se hereda de OAuth2.
  * Autenticación básica HTTP.
  * Digest HTTP, etc.
* `oauth2`: todas las formas de OAuth2 para manejar la seguridad (llamadas "flujos").

    chain and an untrusted-but-pinned chain.
 *  Upgrade: [Kotlin 1.6.10][kotlin_1_6_10].


## Version 5.0.0-alpha.3

_2021-11-22_

 *  Fix: Change `Headers.toString()` to redact authorization and cookie headers.
 *  Fix: Don't do DNS to get the hostname for `RecordedRequest.requestUrl`. This was doing a DNS
    lookup for the local hostname, but we really just wanted the `Host` header.

  - [Important Security Information](#important-security-information-1)
    - [CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks](#cve-2025-4563-nodes-can-bypass-dynamic-resource-allocation-authorization-checks)
  - [Changes by Kind](#changes-by-kind-8)
    - [Feature](#feature-6)
    - [Bug or Regression](#bug-or-regression-7)

* `apiKey`: uma chave específica de aplicação que pode vir de:
    * Um parâmetro query.
    * Um header.
    * Um cookie.
* `http`: padrão HTTP de sistemas autenticação, incluindo:
    * `bearer`: um header de `Authorization` com valor de `Bearer` adicionado de um token. Isso é herança do OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: todas as formas do OAuth2 para lidar com segurança (chamados "fluxos").

    * Einem Query-Parameter.
    * Einem Header.
    * Einem Cookie.
* `http`: Standard-HTTP-Authentifizierungssysteme, einschließlich:
    * `bearer`: ein Header `Authorization` mit dem Wert `Bearer ` plus einem Token. Dies wird von OAuth2 geerbt.
    * HTTP Basic Authentication.
    * HTTP Digest, usw.
* `oauth2`: Alle OAuth2-Methoden zum Umgang mit Sicherheit (genannt „Flows“).

Kubernetes 1.11 also makes it easier to see what's happening, as audit events can now be annotated with information about how an API request was handled:
  * Authorization sets `authorization.k8s.io/decision` and `authorization.k8s.io/reason` annotations with the authorization decision ("allow" or "forbid") and a human-readable description of why the decision was made (for example, RBAC includes the name of the role/binding/subject which allowed a request).

    * D'un paramètre de requête.
    * D'un en-tête.
    * D'un cookie.
* `http` : des systèmes d'authentification HTTP standards, notamment :
    * `bearer` : un en-tête `Authorization` avec une valeur `Bearer ` plus un jeton. Hérité d'OAuth2.
    * Authentification HTTP Basic.
    * HTTP Digest, etc.
* `oauth2` : toutes les méthodes OAuth2 pour gérer la sécurité (appelées « flows »).

  - [alpha] Access Review APIs expose authorization engine to external inquiries for delegation, inspection, and debugging ([docs](http://kubernetes.io/docs/admin/authorization/)) ([kubernetes/features#37](https://github.com/kubernetes/enhancements/issues/37))
- **Cluster Lifecycle**

	defer cancel()

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(buf))
	if err != nil {
		return err
	}

	if token != "" {
		req.Header.Set("Authorization", token)
	}
	req.Header.Set("Content-Type", "application/json")

	clnt := http.Client{Transport: getRemoteInstanceTransport()}
	resp, err := clnt.Do(req)
	if err != nil {
		return err
	}

<img src="/img/tutorial/security/image10.png">

/// note | Not

`Authorization` header'ına dikkat edin; değeri `Bearer ` ile başlıyor.

///

## `scopes` ile İleri Seviye Kullanım { #advanced-usage-with-scopes }

OAuth2'nin "scopes" kavramı vardır.