* A cookie.
* `http`: standard HTTP authentication systems, including:
    * `bearer`: a header `Authorization` with a value of `Bearer ` plus a token. This is inherited from OAuth2.
    * HTTP Basic authentication.
    * HTTP Digest, etc.
* `oauth2`: all the OAuth2 ways to handle security (called "flows").
    * Several of these flows are appropriate for building an OAuth 2.0 authentication provider (like Google, Facebook, X (Twitter), GitHub, etc):

// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package bytes

import (
	"errors"
	"io"
	"unicode/utf8"
)

// A Reader implements the [io.Reader], [io.ReaderAt], [io.WriterTo], [io.Seeker],
// [io.ByteScanner], and [io.RuneScanner] interfaces by reading from
// a byte slice.

    this.replacements = escaperMap.getReplacementArray();
    this.replacementsLength = replacements.length;
    if (safeMax < safeMin) {
      // If the safe range is empty, set the range limits to opposite extremes
      // to ensure the first test of either value will fail.
      safeMax = -1;
      safeMin = Integer.MAX_VALUE;
    }
    this.safeMin = safeMin;
    this.safeMax = safeMax;

            md.update((byte) (ms_usage >> 8 & 0xFF));
            md.update((byte) (ms_usage >> 16 & 0xFF));
            md.update((byte) (ms_usage >> 24 & 0xFF));
            byte[] dgst = md.digest(data);
            mac.reset();
            mac.init(new SecretKeySpec(dk, HMAC_KEY));
            return mac.doFinal(dgst);
        } finally {
            Arrays.fill(dk, 0, dk.length, (byte) 0);
        }
    }

#!/bin/bash -eu
# Copyright 2016 The TensorFlow Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,

// Copyright 2011 Google Inc. All Rights Reserved.

package com.google.common.hash;

import static com.google.common.base.Preconditions.checkPositionIndexes;
import static com.google.common.hash.LittleEndianByteArray.load64;
import static com.google.common.hash.LittleEndianByteArray.load64Safely;
import static java.lang.Long.rotateRight;

import com.google.common.annotations.VisibleForTesting;

/**

* `apiKey`：應用程式特定的金鑰，來源可以是：
    * 查詢參數。
    * 標頭（header）。
    * Cookie。
* `http`：標準的 HTTP 驗證系統，包括：
    * `bearer`：使用 `Authorization` 標頭，值為 `Bearer ` 加上一個 token。這是從 OAuth2 延伸而來。
    * HTTP Basic 驗證。
    * HTTP Digest 等。
* `oauth2`：所有 OAuth2 的安全性處理方式（稱為「flows」）。
    * 其中數個 flow 適合用來建立 OAuth 2.0 身分驗證提供者（如 Google、Facebook、X（Twitter）、GitHub 等）：
        * `implicit`
        * `clientCredentials`
        * `authorizationCode`

    }

    @Test
    public void test_variousTokenTypes() {
        // Test with various common token types
        String[] tokenTypes = { "Bearer", "JWT", "OAuth", "OAuth2", "APIKey", "Session", "Basic", "Digest", "SAML", "OpenID" };

        for (String tokenType : tokenTypes) {
            String message = tokenType + " token is invalid";

/*
 * Copyright (c) aQute SARL (2000, 2021). All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,

* `http` : des systèmes d'authentification HTTP standards, notamment :
    * `bearer` : un en-tête `Authorization` avec une valeur `Bearer ` plus un jeton. Hérité d'OAuth2.
    * Authentification HTTP Basic.
    * HTTP Digest, etc.
* `oauth2` : toutes les méthodes OAuth2 pour gérer la sécurité (appelées « flows »).