</execution>
          <execution>
            <id>modello-site-docs</id>
            <goals>
              <goal>xdoc</goal>
              <goal>xsd</goal>
            </goals>
            <phase>generate-resources</phase>
            <configuration>
              <version>2.0.0</version>
              <models>
                <model>src/main/mdo/settings.mdo</model>
              </models>
            </configuration>

      <plugin>
        <artifactId>maven-javadoc-plugin</artifactId>
        <executions>
          <execution>
            <id>attach-docs</id>
          </execution>
          <execution>
            <id>generate-javadoc-site-report</id>
            <phase>site</phase>
            <goals><goal>javadoc</goal></goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

    # - - - - - - - - - -/

    # /- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    # o isDBFluteBeansGeneratedAsJavaConfig (NotRequired - Default true since 1.1)
    #  Does it generate JavaConfig for DBFluteBeans? (not use XML configuration)
    #
    # @SpringOnly
    #; isDBFluteBeansGeneratedAsJavaConfig = false
    # - - - - - - - - - -/

          </models>
        </configuration>
        <executions>
          <execution>
            <id>velocity</id>
            <goals>
              <goal>velocity</goal>
            </goals>
            <phase>generate-sources</phase>
            <configuration>
              <templates>
                <template>model-v3.vm</template>
              </templates>
              <params>

)

app = Flask(__name__)


@app.route('/')
def homepage():
    text = '<a href="%s">Authenticate with keycloak</a>'
    return text % make_authorization_url()


def make_authorization_url():
    # Generate a random string for the state parameter
    # Save it for use later to prevent xsrf attacks

    state = str(uuid4())
    params = {"client_id": client_id,
              "response_type": "code",

If you want to play with JWT tokens and see how they work, check <a href="https://jwt.io/" class="external-link" target="_blank">https://jwt.io</a>.

## Install `PyJWT`

We need to install `PyJWT` to generate and verify the JWT tokens in Python.

Make sure you create a [virtual environment](../../virtual-environments.md){.internal-link target=_blank}, activate it, and then install `pyjwt`:

<div class="termy">

```console

	if err != nil {
		t.Fatalf("Failed to initialize KMS: %v", err)
	}

	key, err := KMS.GenerateKey(context.Background(), &GenerateKeyRequest{Name: "my-key"})
	if err != nil {
		t.Fatalf("Failed to generate key: %v", err)
	}
	plaintext, err := KMS.Decrypt(context.TODO(), &DecryptRequest{
		Name:       key.KeyID,
		Ciphertext: key.Ciphertext,
	})
	if err != nil {
		t.Fatalf("Failed to decrypt key: %v", err)
	}

import okhttp3.tls.HeldCertificate
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement

object TlsUtil {
  val password = "password".toCharArray()

  private val localhost: HandshakeCertificates by lazy {
    // Generate a self-signed cert for the server to serve and the client to trust.
    val heldCertificate =
      HeldCertificate.Builder()
        .commonName("localhost")
        .addSubjectAlternativeName("localhost")

  // (1) 00 01 02 03 04 05 06 07 80
  // (2) 00 01 02 03 04 05 06 07 81
  // (3) 00 01 02 03 04 05 06 07 ff (or anything in between)
  // A fault implementation will generate collisions for these inputs.
  public void testCollisionsDueToIncorrectSignExtension() {
    byte[] col1 = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, (byte) 0x80};

  // (1) 00 01 02 03 04 05 06 07 80
  // (2) 00 01 02 03 04 05 06 07 81
  // (3) 00 01 02 03 04 05 06 07 ff (or anything in between)
  // A fault implementation will generate collisions for these inputs.
  public void testCollisionsDueToIncorrectSignExtension() {
    byte[] col1 = new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, (byte) 0x80};