pCfg := r.arnProviderCfgsMap[arn]
	if pCfg.JWKS.URL == nil || pCfg.JWKS.URL.String() == "" {
		return nil
	}

	// Add client secret for the client ID for HMAC based signature.
	r.pubKeys.add(pCfg.ClientID, []byte(pCfg.ClientSecret))

	client := &http.Client{
		Transport: r.transport,
	}

	resp, err := client.Get(pCfg.JWKS.URL.String())
	if err != nil {
		return err
	}
	defer r.closeRespFn(resp.Body)

		"http://localhost:8080/auth/realms/minio/.well-known/openid-configuration",
		"OpenID discovery document endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSec, "csec", "", "Client Secret")
	flag.StringVar(&clientScopes, "cscopes", "openid", "Client Scopes")
	flag.IntVar(&port, "port", 8080, "Port")
}

func implicitFlowURL(c oauth2.Config, state string) string {
	var buf bytes.Buffer

Agora criamos um modelo `HeroCreate`, este é o que **validará** os dados dos clientes.

Ele tem os mesmos campos que `HeroBase`, e também tem `secret_name`.

Agora, quando os clientes **criarem um novo hero**, eles enviarão o `secret_name`, ele será armazenado no banco de dados, mas esses nomes secretos não serão retornados na API para os clientes.

/// tip | Dica

Now we create a `HeroCreate` model, this is the one that will **validate** the data from the clients.

It has the same fields as `HeroBase`, and it also has `secret_name`.

Now, when the clients **create a new hero**, they will send the `secret_name`, it will be stored in the database, but those secret names won't be returned in the API to the clients.

/// tip

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     * @param req The servlet request
     * @param resp The servlet response
     * @param skipAuthentication If true the negotiation is only done if it is
     * initiated by the client (MSIE post requests after successful NTLM SSP
     * authentication). If false and the user has not been authenticated yet
     * the client will be forced to send an authentication (server sends

	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if accessToken != "" {
		req.Header.Set("Authorization", "Bearer "+accessToken)
	}

	client := &http.Client{
		Transport: transport,
	}

	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}

	defer xhttp.DrainBody(resp.Body)
	if resp.StatusCode != http.StatusOK {
		// uncomment this for debugging when needed.

 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the
 * host platform (like Android). In July 2018 Android had 134 trusted root certificates for its HTTP
 * clients to trust.
 *

//    //  org.bouncycastle.tls.TlsFatalAlertReceived: handshake_failure(40)
//    platform.assumeNotBouncyCastle()

    val client = makeClient()
    makeRequest(client)

    // As of OkHttp 5 we now apply the ordering from the OkHttpClient, which defaults to MODERN_TLS
    // Clients might need a changed order, but can at least define a preferred order to override that default.
    val socketOrderedByDefaults =

 * [OkHttp Idling Resource](https://github.com/JakeWharton/okhttp-idling-resource): An Espresso IdlingResource for OkHttp.
 * [okhttp-client-mock](https://github.com/gmazzo/okhttp-client-mock): A simple OKHttp client mock, using a programmable request interceptor.
 * [OkHttp Profiler](https://plugins.jetbrains.com/plugin/11249-okhttp-profiler): An IntelliJ plugin for monitoring OkHttp calls.

OkHttp Coroutines
=================

Support for Kotlin clients using coroutines.

```kotlin
val call = client.newCall(request)

call.executeAsync().use { response ->
  withContext(Dispatchers.IO) {
    println(response.body?.string())
  }
}
```

This is implemented using `suspendCancellableCoroutine`
but uses the standard Dispatcher in OkHttp. This means
that by default Kotlin's Dispatchers are not used.