/// note | Hinweis

Beachten Sie den Header `Authorization` mit einem Wert, der mit `Bearer ` beginnt.

///

## Fortgeschrittene Verwendung mit `scopes` { #advanced-usage-with-scopes }

OAuth2 hat ein Konzept von <abbr title="Geltungsbereiche">„Scopes“</abbr>.

Sie können diese verwenden, um einem JWT-Token einen bestimmten Satz von Berechtigungen zu übergeben.

<img src="/img/tutorial/security/image10.png">

/// note | Nota

Observa el header `Authorization`, con un valor que comienza con `Bearer `.

///

## Uso avanzado con `scopes` { #advanced-usage-with-scopes }

OAuth2 tiene la noción de "scopes".

Puedes usarlos para agregar un conjunto específico de permisos a un token JWT.

      - run: ./gradlew compileAll -DdisableLocalCache=true ${{ steps.determine-sys-prop-args.outputs.sys-prop-args }}
      - uses: actions/upload-artifact@v7
        if: always()
        with:
          name: build-receipt.properties
          path: platforms/core-runtime/base-services/build/generated-resources/build-receipt/org/gradle/build-receipt.properties
    outputs:
      matrix: ${{ steps.setup-matrix.outputs.matrix }}

jobs:
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v6
    # For pull requests it's not necessary to checkout the code but for the main branch it is
    - uses: dorny/paths-filter@v4
      id: filter
      with:

        title: '${{ github.event.inputs.release_branch }} cherry-pick: ${{ steps.cherrypick.outputs.SHORTSHA }} "${{ steps.cherrypick.outputs.TITLE }}"'
        committer: TensorFlow Release Automation <******@****.***>
        token: ${{ secrets.JENKINS_TOKEN }}
        base: ${{ github.event.inputs.release_branch }}
        branch: ${{ github.event.inputs.release_branch }}-${{ steps.cherrypick.outputs.SHORTSHA }}
        reviewers: learning-to-play

<img src="/img/tutorial/security/image10.png">

/// note | 참고

`Bearer `로 시작하는 값을 가진 `Authorization` 헤더에 주목하십시오.

///

## `scopes`의 고급 사용법 { #advanced-usage-with-scopes }

OAuth2에는 "scopes"라는 개념이 있습니다.

이를 사용해 JWT 토큰에 특정 권한 집합을 추가할 수 있습니다.

그런 다음 이 토큰을 사용자에게 직접 제공하거나 제3자에게 제공하여, 특정 제한사항 하에서 API와 상호작용하도록 할 수 있습니다.

/// note | Remarque

Remarquez l'en-tête `Authorization`, avec une valeur qui commence par `Bearer `.

///

## Utilisation avancée avec `scopes` { #advanced-usage-with-scopes }

OAuth2 comporte la notion de « scopes ».

Vous pouvez les utiliser pour ajouter un ensemble spécifique d'autorisations à un jeton JWT.

    mockWebServer.start(slackApi.port);
  }

  public HttpUrl newAuthorizeUrl(String scopes, String team, Listener listener) {
    if (mockWebServer == null) throw new IllegalStateException();

    ByteString state = randomToken();
    synchronized (this) {
      listeners.put(state, listener);
    }

    return slackApi.authorizeUrl(scopes, redirectUrl(), state, team);
  }

  private ByteString randomToken() {

/**
 * Meta-annotation that marks other annotations as scope annotations.
 * <p>
 * Scopes define the lifecycle and visibility of objects in the dependency injection
 * system. Custom scope annotations should be annotated with {@code @Scope}.
 * <p>
 * Built-in scopes include:
 * <ul>
 *   <li>{@link Singleton} - One instance per container</li>

 * to be lightweight yet powerful, supporting various scopes of object lifecycle from
 * singleton instances to mojo-execution-scoped beans.
 * <p>
 * Key features include:
 * <ul>
 *   <li>Constructor, method, and field injection</li>
 *   <li>Qualifiers for distinguishing between beans of the same type</li>
 *   <li>Multiple scopes (Singleton, Session, and MojoExecution)</li>