<img src="/img/tutorial/security/image10.png">

/// note | Nota

Observa el header `Authorization`, con un valor que comienza con `Bearer `.

///

## Uso avanzado con `scopes` { #advanced-usage-with-scopes }

OAuth2 tiene la noción de "scopes".

Puedes usarlos para agregar un conjunto específico de permisos a un token JWT.

    mockWebServer.start(slackApi.port);
  }

  public HttpUrl newAuthorizeUrl(String scopes, String team, Listener listener) {
    if (mockWebServer == null) throw new IllegalStateException();

    ByteString state = randomToken();
    synchronized (this) {
      listeners.put(state, listener);
    }

    return slackApi.authorizeUrl(scopes, redirectUrl(), state, team);
  }

  private ByteString randomToken() {

     *
     * This method handles the complete search workflow including parameter processing,
     * query execution, result formatting, and logging. It supports automatic retry
     * with escaped queries if the initial search fails.
     *
     * @param searchRequestParams The search request parameters
     * @param data The search render data to populate with results

            @Override
            public Object execute(String expression, Object value) {
                if (value != null) {
                    // we're going to parse this back in as XML so we need to escape XML markup
                    value = value.toString()
                            .replace("&", "&")
                            .replace("<", "&lt;")
                            .replace(">", "&gt;");

public class WriteReplaceOverridesTest extends TestCase {
  private static final ImmutableSet<String> GUAVA_PACKAGES =
      FluentIterable.of(
              "base",
              "cache",
              "collect",
              "escape",
              "eventbus",
              "graph",
              "hash",
              "html",
              "io",
              "math",
              "net",
              "primitives",

 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package com.google.common.escape;

import static com.google.common.base.Preconditions.checkNotNull;

import com.google.common.annotations.GwtCompatible;
import com.google.common.annotations.GwtIncompatible;

* Nunca armazene senhas em texto simples, apenas hashes de senha.
* Implemente e use ferramentas criptográficas bem conhecidas, como pwdlib e tokens JWT, etc.
* Adicione controles de permissão mais granulares com escopos OAuth2 quando necessário.
* ...etc.

   * invalid or in error.
   *
   * @since 8.0
   */
  public static final byte SUB = 26;

  /**
   * Escape: A control character intended to provide code extension (supplementary characters) in
   * general information interchange. The Escape character itself is a prefix affecting the
   * interpretation of a limited number of contiguously following characters.
   *
   * @since 8.0
   */

      multiple: true
      options:
        - com.google.common.annotations
        - com.google.common.base
        - com.google.common.cache
        - com.google.common.collect
        - com.google.common.escape
        - com.google.common.eventbus
        - com.google.common.graph
        - com.google.common.hash
        - com.google.common.io
        - com.google.common.math
        - com.google.common.net

```

### Run the `web-identity.go`

```
~ go run web-identity.go -cid example-app -csec ZXhhbXBsZS1hcHAtc2VjcmV0 \
     -config-ep http://127.0.0.1:5556/dex/.well-known/openid-configuration \
     -cscopes groups,openid,email,profile
```

```
~ mc admin policy create admin allaccess.json
```

Contents of `allaccess.json`

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {