这些安全方案在使用 OAuth2 时，还可以声明和使用作用域。

**作用域**只是（不带空格的）字符串。

常用于声明特定安全权限，例如：

* 常见用例为，`users:read` 或 `users:write`
* 脸书和 Instagram 使用 `instagram_basic`
* 谷歌使用 `https://www.googleapis.com/auth/drive`

/// info | 说明

OAuth2 中，**作用域**只是声明特定权限的字符串。

是否使用冒号 `:` 等符号，或是不是 URL 并不重要。

这些细节只是特定的实现方式。

对 OAuth2 来说，它们都只是字符串而已。

///

## 全局纵览

   * most common configuration.
   */
  public fun noClientAuth() {
    this.clientAuth = CLIENT_AUTH_NONE
  }

  /**
   * Configure the server to [want client auth][SSLSocket.setWantClientAuth]. If the
   * client presents a certificate that is [trusted][TrustManager] the handshake will
   * proceed normally. The connection will also proceed normally if the client presents no

labels.dict_synonym_details=Dict Synonym Details
labels.duplicate_host_details=Duplicate Host Details
labels.elevate_word_details=Elevate Word Details
labels.failure_url_details=Failure Url Details
labels.file_auth_details=File Auth Details
labels.file_config_details=File Config Details
labels.group_details=Group Details
labels.job_log_details=Job Log Details
labels.key_match_details=Key Match Details
labels.labeltype_details=Labeltype Details

labels.dict_synonym_details=Dict Synonym Детали
labels.duplicate_host_details=Duplicate Host Детали
labels.elevate_word_details=Elevate Word Детали
labels.failure_url_details=Failure Url Детали
labels.file_auth_details=File Auth Детали
labels.file_config_details=File Config Детали
labels.group_details=Group Детали
labels.job_log_details=Job Log Детали
labels.key_match_details=Key Match Детали
labels.labeltype_details=Labeltype Детали

        headers = headersOf("www-authenticate", "Basic realm=\"protected area\""),
        body = "Please authenticate.",
      ),
    )
    server.enqueue(
      MockResponse(body = "Successful auth!"),
    )
    val credential = basic("username", "password")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, "Basic"))
        .build()

	claims, err := auth.ExtractClaims(stsCred.SessionToken, secretKey)
	if err != nil {
		return fmt.Errorf("STS credential could not be verified: %w", err)
	}

	mapClaims := claims.Map()
	expiry, err := auth.ExpToInt64(mapClaims["exp"])
	if err != nil {
		return fmt.Errorf("Expiry claim was not found: %v: %w", mapClaims, err)
	}

	cred := auth.Credentials{

import org.codelibs.fess.crawler.helper.ContentLengthHelper;
import org.codelibs.fess.crawler.helper.MimeTypeHelper;

import com.google.api.gax.paging.Page;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.cloud.NoCredentials;
import com.google.cloud.storage.Blob;
import com.google.cloud.storage.BlobId;
import com.google.cloud.storage.Storage;

            return;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Initializing SmbClient...");
        }

        super.init();

        // smb auth
        final SmbAuthenticationHolder holder = new SmbAuthenticationHolder();
        final SmbAuthentication[] smbAuthentications =

They are normally used to declare specific security permissions, for example:

* `users:read` or `users:write` are common examples.
* `instagram_basic` is used by Facebook / Instagram.
* `https://www.googleapis.com/auth/drive` is used by Google.

/// info

In OAuth2 a "scope" is just a string that declares a specific permission required.

It doesn't matter if it has other characters like `:` or if it is a URL.

            } else {
                if (!this.ctx.renewCredentials(loc.getURL().toString(), sae)) {
                    throw sae;
                }
                log.debug("Trying to renew credentials after auth error");
                try (SmbSessionInternal s = trans.getSmbSession(this.ctx, treesess.getTargetHost(), treesess.getTargetDomain())