- [CLI Improvements](#cli-improvements)
  - [API Changes](#api-changes)
  - [Other notable changes](#other-notable-changes-1)
    - [API Machinery](#api-machinery)
    - [Apps](#apps)
    - [Auth](#auth)
    - [CLI](#cli)
    - [Cloud Provider](#cloud-provider)
    - [Cluster Lifecycle](#cluster-lifecycle-1)
    - [Instrumentation](#instrumentation)
    - [Network](#network-1)
    - [Node](#node)

Normalmente são usados para declarar permissões de segurança específicas, por exemplo:

* `users:read` ou `users:write` são exemplos comuns.
* `instagram_basic` é usado pelo Facebook e Instagram.
* `https://www.googleapis.com/auth/drive` é usado pelo Google.

/// info | Informação

No OAuth2, um "scope" é apenas uma string que declara uma permissão específica necessária.

Não importa se tem outros caracteres como `:` ou se é uma URL.

	claims, err := auth.ExtractClaims(stsCred.SessionToken, secretKey)
	if err != nil {
		return fmt.Errorf("STS credential could not be verified: %w", err)
	}

	mapClaims := claims.Map()
	expiry, err := auth.ExpToInt64(mapClaims["exp"])
	if err != nil {
		return fmt.Errorf("Expiry claim was not found: %v: %w", mapClaims, err)
	}

	cred := auth.Credentials{

            } else {
                if (!this.ctx.renewCredentials(loc.getURL().toString(), sae)) {
                    throw sae;
                }
                log.debug("Trying to renew credentials after auth error");
                try (SmbSessionInternal s = trans.getSmbSession(this.ctx, treesess.getTargetHost(), treesess.getTargetDomain())

 *
 */
public class AdminWebauthAction extends FessAdminAction {

    /**
     * Default constructor.
     */
    public AdminWebauthAction() {
        super();
    }

    /** Role name for admin web auth operations */
    public static final String ROLE = "admin-webauth";

    private static final Logger logger = LogManager.getLogger(AdminWebauthAction.class);

* Fix the bug where StartedAt time is not reported for exited containers. ([#45977](https://github.com/kubernetes/kubernetes/pull/45977), [@yujuhong](https://github.com/yujuhong))
* Enable basic auth username rotation for GCI ([#44590](https://github.com/kubernetes/kubernetes/pull/44590), [@ihmccreery](https://github.com/ihmccreery))

                if (logger.isDebugEnabled()) {
                    logger.debug(msg);
                }
                throw new SsoLoginException(e.getMessage() + " " + msg, e);
            }

            // context/auth loop not yet complete
            final boolean status = spnegoResponse.isStatusSet();
            if (logger.isDebugEnabled()) {
                logger.debug("isStatusSet: {}", status);
            }

🕐❔ 1️⃣ 👫 💂‍♂ ⚖ ⚙️ Oauth2️⃣, 👆 💪 📣 & ⚙️ ↔.

🔠 "↔" 🎻 (🍵 🚀).

👫 🛎 ⚙️ 📣 🎯 💂‍♂ ✔, 🖼:

* `users:read` ⚖️ `users:write` ⚠ 🖼.
* `instagram_basic` ⚙️ 👱📔 / 👱📔.
* `https://www.googleapis.com/auth/drive` ⚙️ 🇺🇸🔍.

/// info

Oauth2️⃣ "↔" 🎻 👈 📣 🎯 ✔ ✔.

⚫️ 🚫 🤔 🚥 ⚫️ ✔️ 🎏 🦹 💖 `:` ⚖️ 🚥 ⚫️ 📛.

👈 ℹ 🛠️ 🎯.

Oauth2️⃣ 👫 🎻.

///

## 🌐 🎑

They are normally used to declare specific security permissions, for example:

* `users:read` or `users:write` are common examples.
* `instagram_basic` is used by Facebook / Instagram.
* `https://www.googleapis.com/auth/drive` is used by Google.

/// info

In OAuth2 a "scope" is just a string that declares a specific permission required.

It doesn't matter if it has other characters like `:` or if it is a URL.

 * canceling may break the entire connection.
 */
class RealCall(
  val client: OkHttpClient,
  /** The application's original request unadulterated by redirects or auth headers. */
  val originalRequest: Request,
  val forWebSocket: Boolean,
) : Call,
  Cloneable,
  Lockable {
  private val connectionPool: RealConnectionPool = client.connectionPool.delegate