In this case, it might not be a problem, because it's the same user sending the password.

But if we use the same model for another *path operation*, we could be sending our user's passwords to every client.

!!! danger
    Never store the plain password of a user or send it in a response like this, unless you know all the caveats and you know what you are doing.

## Add an output model

<img src="/img/tutorial/security/image11.png">

## JWT 令牌作用域

现在，修改令牌*路径操作*，返回请求的作用域。

此处仍然使用 `OAuth2PasswordRequestForm`。它包含类型为**字符串列表**的 `scopes` 属性，且`scopes` 属性中包含要在请求里接收的每个作用域。

这样，返回的 JWT 令牌中就包含了作用域。

!!! danger "危险"

    为了简明起见，本例把接收的作用域直接添加到了令牌里。

    但在您的应用中，为了安全，应该只把作用域添加到确实需要作用域的用户，或预定义的用户。

```Python hl_lines="153"
{!../../../docs_src/security/tutorial005.py!}
```

## 在*路径操作*与依赖项中声明作用域

Aber wenn wir dasselbe Modell für eine andere *Pfadoperation* verwenden, könnten wir das Passwort dieses Benutzers zu jedem Client schicken.

!!! danger "Gefahr"
    Speichern Sie niemals das Klartext-Passwort eines Benutzers, oder versenden Sie es in einer Response wie dieser, wenn Sie sich nicht der resultierenden Gefahren bewusst sind und nicht wissen, was Sie tun.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

!!! danger
    For simplicity, here we are just adding the scopes received directly to the token.

	//   x = x>>8&(m3&m) + x&(m3&m)
	//   x = x>>16&(m4&m) + x&(m4&m)
	//   x = x>>32&(m5&m) + x&(m5&m)
	//   return int(x)
	//
	// Masking (& operations) can be left away when there's no
	// danger that a field's sum will carry over into the next
	// field: Since the result cannot be > 64, 8 bits is enough
	// and we can ignore the masks for the shifts by 8 and up.
	// Per "Hacker's Delight", the first line can be simplified

	{29, "SIGXCPU", "CPU time limit exceeded"},
	{30, "SIGXFSZ", "file size limit exceeded"},
	{31, "SIGVTALRM", "virtual timer expired"},
	{32, "SIGPROF", "profiling timer expired"},
	{33, "SIGDANGER", "danger"},
	{34, "SIGTHSTOP", "stop thread"},
	{35, "SIGTHCONT", "continue thread"},
	{37, "SIGTRACE", "trace"},
	{38, "", "DCE"},
	{39, "SIGDUMP", "dump"},

	if len(lines) == 0 {
		t.Fatalf("empty backtrace")
	}
	for i, l := range lines {
		if !strings.HasPrefix(l, fmt.Sprintf("#%v  ", i)) {
			t.Fatalf("malformed backtrace at line %v: %v", i, l)
		}
	}
	// TODO(mundaym): check for unknown frames (e.g. "??").
}

// NOTE: the maps below are allocated larger than abi.MapBucketCount
// to ensure that they are not "optimized out".

var helloSource = `

loop and all the range-over-func loops it contains at the same time.

If we need to return from inside a doubly-nested loop, the rewrites
above stay the same, but the check after the inner loop only says

	if #next < 0 { return false }

to stop the outer loop so it can do the actual return. That is,

	for range f {
		for range g {
			...
			return a, b
			...

    Developer or such Contributor as a result of any such terms You offer.

    3.6. Larger Works.

    You may create a Larger Work by combining Covered Software with
    other code not governed by the terms of this License and distribute
    the Larger Work as a single product. In such a case, You must make
    sure the requirements of this License are fulfilled for the Covered
    Software.

porter-banner.png...