* The OpenID Connect authenticator can now use a custom prefix, or omit the default prefix, for username and groups claims through the --oidc-username-prefix and --oidc-groups-prefix flags. For example, the authenticator can map a user with the username "jane" to "google:jane" by supplying the "google:" username prefix. ([#50875](https://github.com/kubernetes/kubernetes/pull/50875), [@ericchiang](https://github.com/ericchiang))

///

你可以使用 Pydantic 的模型設定來 `forbid` 任何 `extra` 欄位：

{* ../../docs_src/request_form_models/tutorial002_an_py310.py hl[12] *}

如果用戶端嘗試傳送額外資料，將會收到錯誤回應。

例如，用戶端若送出以下表單欄位：

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

他們會收到一個錯誤回應，告知欄位 `extra` 不被允許：

```json
{
    "detail": [
        {
            "type": "extra_forbidden",

-------------------------------------
./gradlew run -Drun.license_type=trial
-------------------------------------

This enables security and other paid features and adds a superuser with the username: `elastic-admin` and
password: `elastic-password`.

==== Other useful arguments

- In order to start a node with a different max heap space add: `-Dtests.heap.size=4G`

makePolicyJob makePolicyJob: securityContext: enabled: false runAsUser: 1000 runAsGroup: 1000 resources: requests: memory: 128Mi # Command to run after the main command on exit exitCommand: "" ## List of users to be created after minio install ## users: ## Username, password and policy to be assigned to the user ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-ma...

    /**
     * Get the value for the key 'search_engine.username'. <br>
     * The value is, e.g.  <br>
     * comment: Username for authenticating to the search engine.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */
    String getSearchEngineUsername();

    /**
     * Get the value for the key 'search_engine.username' as {@link Integer}. <br>

      override operator fun set(
        builder: HttpUrl.Builder,
        value: String,
      ) {
        builder.username(value)
      }

      override operator fun get(url: HttpUrl): String = url.username
    },

    PASSWORD {
      override fun urlString(value: String): String = "http://:$******@****.***/"

makePolicyJob makePolicyJob: securityContext: enabled: false runAsUser: 1000 runAsGroup: 1000 resources: requests: memory: 128Mi # Command to run after the main command on exit exitCommand: "" ## List of users to be created after minio install ## users: ## Username, password and policy to be assigned to the user ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-ma...

 * is the usage of a URL scheme [1] to specify the target file or
 * directory. SmbFile URLs have the following syntax:
 *
 * <blockquote>
 *
 * <pre>
 *     smb://[[[domain;]username[:password]@]server[:port]/[[share/[dir/]file]]][?param=value[param2=value2[...]]]
 * </pre>
 *
 * </blockquote>
 *
 * This example:
 *
 * <blockquote>
 *
 * <pre>

		opts.claims[ldapUserN] = targetUser // simple username
		var lookupResult *xldap.DNSearchResult
		lookupResult, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser)
		if err != nil {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
		targetUser = lookupResult.NormDN
		opts.claims[ldapUser] = targetUser // username DN
		opts.claims[ldapActualUser] = lookupResult.ActualDN

- When configuring a JWT authenticator:
  
  If `username.expression` used 'claims.email', then 'claims.email_verified' must have been used in `username.expression` or `extra[*].valueExpression` or `claimValidationRules[*].expression`. An example claim validation rule expression that matches the validation automatically applied when `username.claim` is set to 'email' is 'claims.?email_verified.orValue(true) == true'.