return xml.UnmarshalError(fmt.Sprintf("expected element type <LegalHold>/<ObjectLockLegalHold> but have <%s>",
			start.Name.Local))
	}
	for {
		// Read tokens from the XML document in a stream.
		t, err := d.Token()
		if err != nil {
			if err == io.EOF {
				break
			}
			return err
		}

		if se, ok := t.(xml.StartElement); ok {
			switch se.Name.Local {
			case "Status":
				var st LegalHoldStatus

	quarkus/extensions/agroal/deployment/pom.xml
	quarkus/extensions/jdbc/jdbc-h2/deployment/pom.xml
	quarkus/test-framework/junit5-internal/pom.xml
quarkus/extensions/oidc-token-propagation-reactive/deployment/pom.xml
	quarkus/extensions/oidc-token-propagation-reactive/runtime/pom.xml
	quarkus/extensions/security/deployment/pom.xml
	quarkus/extensions/resteasy-reactive/rest-client-reactive/deployment/pom.xml

C’est le même mécanisme utilisé lorsque vous donnez des permissions en vous connectant avec Facebook, Google, GitHub, etc. :

<img src="/img/tutorial/security/image11.png">

## Jeton JWT avec scopes { #jwt-token-with-scopes }

Modifiez maintenant le *chemin d’accès* du jeton pour renvoyer les scopes demandés.

testdata/huffman-zero.wb.expect", "src/compress/flate/testdata/huffman-zero.wb.expect-noinput", "src/compress/flate/testdata/null-long-match.dyn.expect-noinput", "src/compress/flate/testdata/null-long-match.wb.expect-noinput", "src/compress/flate/token.go", "src/compress/flate/writer_test.go", "src/compress/gzip/", "src/compress/gzip/example_test.go", "src/compress/gzip/gunzip.go", "src/compress/gzip/gunzip_test.go", "src/compress/gzip/gzip.go", "src/compress/gzip/gzip_test.go", "src/compress/gz...

## 依存関係 { #dependencies }

アプリケーションの複数箇所で使う依存関係が必要になります。

そのため、専用の `dependencies` モジュール（`app/dependencies.py`）に置きます。

ここではカスタムヘッダー `X-Token` を読む簡単な依存関係を使います:

{* ../../docs_src/bigger_applications/app_an_py310/dependencies.py hl[3,6:8] title["app/dependencies.py"] *}

/// tip | 豆知識

この例を簡単にするために架空のヘッダーを使っています。

		}
		if !isTokenSelfRevoke && user != parentUser {
			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
			return
		}
		user = parentUser
	}

	// Infer token revoke type from the request if requestor is STS.
	if isTokenSelfRevoke && tokenRevokeType == "" && !fullRevoke {
		if cred.IsTemp() {
			tokenRevokeType, _ = cred.Claims[tokenRevokeTypeClaim].(string)
		}

그리고 접근을 허용할 스코프를 선택할 수 있게 됩니다: `me`와 `items`.

이는 Facebook, Google, GitHub 등으로 로그인하면서 권한을 부여할 때 사용되는 것과 동일한 메커니즘입니다:

<img src="/img/tutorial/security/image11.png">

## 스코프를 포함한 JWT 토큰 { #jwt-token-with-scopes }

이제 토큰 *경로 처리*를 수정해, 요청된 스코프를 반환하도록 합니다.

여전히 동일한 `OAuth2PasswordRequestForm`을 사용합니다. 여기에는 요청에서 받은 각 스코프를 담는 `scopes` 속성이 있으며, 타입은 `str`의 `list`입니다.

그리고 JWT 토큰의 일부로 스코프를 반환합니다.

/// danger | 위험

- When the alpha `LegacyServiceAccountTokenTracking` feature gate is enabled, secret-based service account tokens will have a `kubernetes.io/legacy-token-last-used` applied to them containing the date they were last used. ([#108858](https://github.com/kubernetes/kubernetes/pull/108858), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth and Testing]

* fix: azure disk could not mounted on Standard_DC4s/DC2s instances ([#86612](https://github.com/kubernetes/kubernetes/pull/86612), [@andyzhangx](https://github.com/andyzhangx))
* Fixes issue where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. ([#86412](https://github.com/kubernetes/kubernetes/pull/86412), [@weinong](https://github.com/weinong))

pkg errors, func Unwrap(error) error
pkg go/constant, func Make(interface{}) Value
pkg go/constant, func Val(Value) interface{}
pkg go/token, func IsExported(string) bool
pkg go/token, func IsIdentifier(string) bool
pkg go/token, func IsKeyword(string) bool
pkg go/types, func CheckExpr(*token.FileSet, *Package, token.Pos, ast.Expr, *Info) error
pkg log, func Writer() io.Writer
pkg log/syslog (netbsd-arm64-cgo), const LOG_ALERT = 1