Die Instanz der Klassenabhängigkeit `OAuth2PasswordRequestForm` verfügt, statt eines Attributs `scope` mit dem durch Leerzeichen getrennten langen String, über das Attribut `scopes` mit einer tatsächlichen Liste von Strings, einem für jeden gesendeten Scope.

In diesem Beispiel verwenden wir keine `scopes`, aber die Funktionalität ist vorhanden, wenn Sie sie benötigen.

///

/// tip

The instance of the dependency class `OAuth2PasswordRequestForm` won't have an attribute `scope` with the long string separated by spaces, instead, it will have a `scopes` attribute with the actual list of strings for each scope sent.

We are not using `scopes` in this example, but the functionality is there if you need it.

///

Now, get the user data from the (fake) database, using the `username` from the form field.

/// tip | Consejo

La instance de la clase de dependencia `OAuth2PasswordRequestForm` no tendrá un atributo `scope` con el string largo separado por espacios, en su lugar, tendrá un atributo `scopes` con la lista real de strings para cada scope enviado.

No estamos usando `scopes` en este ejemplo, pero la funcionalidad está ahí si la necesitas.

///

Ahora, obtén los datos del usuario desde la base de datos (falsa), usando el `username` del campo del form.

                    "flows": {
                        "authorizationCode": {
                            "authorizationUrl": "authorize",
                            "tokenUrl": "token",
                            "scopes": {},
                        }
                    },
                    "description": "OAuth2 Code Bearer",
                }
            }
        },

            }
        },
        "components": {
            "securitySchemes": {
                "OAuth2PasswordBearer": {
                    "type": "oauth2",
                    "flows": {"password": {"scopes": {}, "tokenUrl": "/token"}},
                }
            }
        },

	}

	if len(stmt.Joins) > 0 {
		newStmt.Joins = make([]join, len(stmt.Joins))
		copy(newStmt.Joins, stmt.Joins)
	}

	if len(stmt.scopes) > 0 {
		newStmt.scopes = make([]func(*DB) *DB, len(stmt.scopes))
		copy(newStmt.scopes, stmt.scopes)
	}

	stmt.Settings.Range(func(k, v interface{}) bool {
		newStmt.Settings.Store(k, v)
		return true
	})

	return newStmt
}

/// note | Техническая информация
Обратите внимание на HTTP-заголовок `Authorization`, значение которого начинается с `Bearer `.
///

## Продвинутое использование `scopes` { #advanced-usage-with-scopes }

В OAuth2 существует понятие "диапазоны" ("`scopes`").

С их помощью можно добавить определенный набор разрешений к JWT-токену.

Tudo que precisamos fazer é manipular a requisição dentro de um bloco `try`/`except`:

{* ../../docs_src/custom_request_and_route/tutorial002_an_py310.py hl[14,16] *}

Se uma exceção ocorrer, a instância `Request` ainda estará em escopo, então podemos ler e fazer uso do corpo da requisição ao lidar com o erro:

{* ../../docs_src/custom_request_and_route/tutorial002_an_py310.py hl[17:19] *}

./mc cp /etc/hosts myminio/test-bucket

./mc idp openid add myminio \
	config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json
./mc ready myminio

import static java.lang.Math.max;

import com.google.common.annotations.GwtCompatible;
import com.google.common.escape.UnicodeEscaper;
import org.jspecify.annotations.Nullable;

/**
 * A {@code UnicodeEscaper} that escapes some set of Java characters using a UTF-8 based percent
 * encoding scheme. The set of safe characters (those which remain unescaped) can be specified on
 * construction.
 *