* API fields previously capable of storing and returning either `[]` and `null` via JSON API requests (for example, the Endpoints `subsets` field) can now store only `null` when created using the protobuf content-type or stored in etcd using protobuf serialization (the default in 1.6+). JSON API clients should tolerate `null` values for such fields, and treat `null` and `[]` as equivalent in meaning unless specifically documented otherwise...

## Die `scopes` verifizieren { #verify-the-scopes }

Wir überprüfen nun, ob das empfangene Token alle Scopes enthält, die von dieser Abhängigkeit und deren Verwendern (einschließlich *Pfadoperationen*) gefordert werden. Andernfalls lösen wir eine `HTTPException` aus.

Hierzu verwenden wir `security_scopes.scopes`, das eine `list`e mit allen diesen Scopes als `str` enthält.

/// tip | 豆知識

重要で「魔法のよう」な点は、`get_current_user` が path operation ごとに異なる `scopes` のリストをチェックすることになる、ということです。

それは、それぞれの path operation と、その path operation の依存関係ツリー内の各依存関係で宣言された `scopes` によって決まります。

///

## `SecurityScopes` の詳細 { #more-details-about-securityscopes }

 * limitations under the License.
 */
package okhttp3.internal.http2.hpackjson

/**
 * Representation of one story, a set of request headers to encode or decode. This class is used
 * reflectively with Moshi to parse stories from files.
 */
data class Story(
  val description: String? = null,
  val cases: List<Case>,
  val fileName: String? = null,
) {
  // Used as the test name.

Для цього використовуємо `security_scopes.scopes`, що містить `list` із усіма цими scopes як `str`.

{* ../../docs_src/security/tutorial005_an_py310.py hl[130:136] *}

## Дерево залежностей і scopes { #dependency-tree-and-scopes }

Ще раз розгляньмо дерево залежностей і scopes.

		logger.Info("IAM expired STS purge took %.2fs", took)
	}

	// Store the newly populated map in the iam cache. This takes care of
	// removing stale entries from the existing map.
	cache.iamSTSAccountsMap = stsAccountsFromStore

	stsAccPoliciesFromStore.Range(func(k string, v MappedPolicy) bool {
		cache.iamSTSPolicyMap.Store(k, v)
		return true
	})

	return nil
}

Для этого используем `security_scopes.scopes`, содержащий `list` со всеми этими scopes как `str`.

{* ../../docs_src/security/tutorial005_an_py310.py hl[130:136] *}

## Дерево зависимостей и scopes { #dependency-tree-and-scopes }

Ещё раз рассмотрим дерево зависимостей и scopes.

Nevertheless, you still enforce those scopes, or any other security/authorization requirement, however you need, in your code.

In many cases, OAuth2 with scopes can be an overkill.

But if you know you need it, or you are curious, keep reading.

///

## OAuth2 scopes and OpenAPI { #oauth2-scopes-and-openapi }

                            * *Path operation* `read_system_status` için `security_scopes.scopes` `[]` (boş) olur; çünkü herhangi bir `Security` ile `scopes` tanımlamamıştır ve dependency'si olan `get_current_user` da `scopes` tanımlamaz.

/// tip | İpucu

Buradaki önemli ve "sihirli" nokta şu: `get_current_user`, her *path operation* için kontrol etmesi gereken farklı bir `scopes` listesi alır.

/// tip | Dica

A coisa importante e "mágica" aqui é que `get_current_user` terá diferentes listas de `scopes` para validar para cada *operação de rota*.