The benefit of raising an exception over returning a value will be more evident in the section about Dependencies and Security.

  ): Boolean {
    val requestSendStarted = e !is ConnectionShutdownException

    // The application layer has forbidden retries.
    if (!client.retryOnConnectionFailure) return false

    // We can't send the request body again.
    if (requestSendStarted && requestIsOneShot(e, userRequest)) return false

    // This exception is fatal.
    if (!isRecoverable(e, requestSendStarted)) return false

     */
    int DEFAULT_SO_TIMEOUT = 35000;
    /**
     * Default receive buffer size for SMB transport.
     */
    int DEFAULT_RCV_BUF_SIZE = 0xFFFF;
    /**
     * Default send buffer size for SMB transport.
     */
    int DEFAULT_SND_BUF_SIZE = 0xFFFF;
    /**
     * Default buffer size for change notification responses.
     */
    int DEFAULT_NOTIFY_BUF_SIZE = 1024;

    /**

 *  Fix: Improve connection timeout recovery.
 *  Fix: Recover from `getsockname` crashes impacting Android releases prior to
    4.2.2.
 *  Fix: Drop partial support for HTTP/1.0. Previously OkHttp would send
    `HTTP/1.0` on connections after seeing a response with `HTTP/1.0`. The fixed
    behavior is consistent with Firefox and Chrome.
 *  Fix: Allow a body in `OPTIONS` requests.

    call: Call,
    request: Request,
  ) {
  }

  /**
   * Invoked just prior to sending a request body.  Will only be invoked for request allowing and
   * having a request body to send.
   *
   * The connection is implicit, and will generally relate to the last [connectionAcquired] event.
   *
   * This can be invoked more than 1 time for a single [Call]. For example, if the response to the

         * response will not read a batched command and therefore
         * the 'received' member of the response object will not
         * be set to true indicating the send and sendTransaction
         * methods that the next part should be sent. This is a
         * very indirect and simple batching control mechanism.
         */

                }
            }
        }
    }

    private boolean checkChannelHealth(ChannelInfo channel) {
        // Simplified health check - in real implementation would send a ping/echo
        return channel.getTransport() != null;
    }

the API, in 1.2 you will either receive a 415 or 406 error.
The only client
this is known to affect is curl when you use -d with JSON but don't set a
content type, helpfully sends "application/x-www-urlencoded", which is not
correct.
Other client authors should double check that you are sending proper
accept and content type headers, or set no value (in which case JSON is the
default).

Em muitos casos, OAuth2 com escopos pode ser um exagero.

Mas se você sabe que precisa, ou está curioso, continue lendo.

///

## Escopos OAuth2 e OpenAPI

A especificação OAuth2 define "escopos" como uma lista de strings separadas por espaços.

	// Check auth here (otherwise r.Form will have unexpected values from
	// the call to `parseForm` below), but return failure only after we are
	// able to validate that it is a valid STS request, so that we are able
	// to send an appropriate audit log.
	user, apiErrCode := checkAssumeRoleAuth(ctx, r)

	if err := parseForm(r); err != nil {
		writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, err)
		return
	}