Header("accept-language", ""),
      Header("accept-ranges", ""),
      Header("accept", ""),
      Header("access-control-allow-origin", ""),
      Header("age", ""),
      Header("allow", ""),
      Header("authorization", ""),
      Header("cache-control", ""),
      Header("content-disposition", ""),
      Header("content-encoding", ""),
      Header("content-language", ""),
      Header("content-length", ""),

    public static NtlmPasswordAuthentication authenticate(final HttpServletRequest req, final HttpServletResponse resp,
            final byte[] challenge) throws IOException, ServletException {
        String msg = req.getHeader("Authorization");
        if (msg != null && msg.startsWith("NTLM ")) {
            final byte[] src = Base64.decode(msg.substring(5));
            if (src[8] == 1) {
                final Type1Message type1 = new Type1Message(src);

     * @param request The request.
     * @return The access token.
     */
    public String getAccessTokenFromRequest(final HttpServletRequest request) {
        final String token = request.getHeader("Authorization");
        if (token != null) {
            final String[] values = token.trim().split(" ");
            if (values.length == 2 && BEARER.equals(values[0])) {
                return values[1];
            }

* `apiKey`: uma chave específica de aplicação que pode vir de:
    * Um parâmetro query.
    * Um header.
    * Um cookie.
* `http`: padrão HTTP de sistemas autenticação, incluindo:
    * `bearer`: um header de `Authorization` com valor de `Bearer` adicionado de um token. Isso é herança do OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: todas as formas do OAuth2 para lidar com segurança (chamados "fluxos").

  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";

  /** The HTTP {@code Authorization} header field name. */
  public static final String AUTHORIZATION = "Authorization";

  /** The HTTP {@code Connection} header field name. */
  public static final String CONNECTION = "Connection";

  /** The HTTP {@code Cookie} header field name. */

In this section you will see how to manage authentication and authorization with the same OAuth2 with scopes in your **FastAPI** application.

/// warning

This is a more or less advanced section. If you are just starting, you can skip it.

You don't necessarily need OAuth2 scopes, and you can handle authentication and authorization however you want.

import org.apache.maven.wagon.StreamWagon;
import org.apache.maven.wagon.TransferFailedException;
import org.apache.maven.wagon.authentication.AuthenticationException;
import org.apache.maven.wagon.authorization.AuthorizationException;
import org.apache.maven.wagon.resource.Resource;

@Named("string")
@Singleton
public class StringWagon extends StreamWagon {
    private Map<String, String> expectedContent = new HashMap<>();

/** Returns true if we should void putting this this header in an exception or toString(). */
internal fun isSensitiveHeader(name: String): Boolean =
  name.equals("Authorization", ignoreCase = true) ||
    name.equals("Cookie", ignoreCase = true) ||
    name.equals("Proxy-Authorization", ignoreCase = true) ||
    name.equals("Set-Cookie", ignoreCase = true)

internal fun Char.parseHexDigit(): Int =
  when (this) {

  "requestPath": "/testbucket/hosts",
  "requestHost": "localhost:9000",
  "requestHeader": {
    "Accept-Encoding": "zstd,gzip",
    "Authorization": "AWS4-HMAC-SHA256 Credential=minioadmin/20240509/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length,Signature=d4d6862e6cc61011a61fa801da71048ece4f32a0562cad6bb88bdda50d7fcb95",

      if (response.code == 401) {
        assertThat(response.body.string()).isEqualTo("{\"error\":{\"message\":\"No auth credentials found\",\"code\":401}}")
        request = request.newBuilder().header("Authorization", "XYZ").build()
      } else {
        response.processEventSource(listener)
        listener.assertOpen()
        listener.assertEvent(null, null, "hey")
        listener.assertClose()
      }
    }