En esta excepción, incluimos los scopes requeridos (si los hay) como un string separado por espacios (usando `scope_str`). Ponemos ese string que contiene los scopes en el header `WWW-Authenticate` (esto es parte de la especificación).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verificar el `username` y la forma de los datos { #verify-the-username-and-data-shape }

		return
	}

	// Ensure body content type is opaque to ensure that request body has not
	// been interpreted as form data.
	contentType := r.Header.Get("Content-Type")
	if contentType != "application/octet-stream" {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL)
		return
	}

	password := cred.SecretKey

	defer cancel()

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, serverURL.String(), nil)
	if err != nil {
		return err
	}
	// Indicate that the liveness check for a peer call
	req.Header.Set(xhttp.MinIOPeerCall, "true")

	resp, err := httpClient.Do(req)
	if err != nil {
		return err
	}
	xhttp.DrainBody(resp.Body)

	return nil
}

<img src="/img/tutorial/security/image10.png">

/// note

Notice the header `Authorization`, with a value that starts with `Bearer `.

///

## Advanced usage with `scopes` { #advanced-usage-with-scopes }

OAuth2 has the notion of "scopes".

In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }

OpenAPI 中定義的安全模式，包括：

* HTTP 基本認證。
* **OAuth2**（也使用 **JWT tokens**）。在 [OAuth2 with JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank} 查看教學。
* API 密鑰，在：
    * 標頭（Header）
    * 查詢參數
    * Cookies，等等。

加上来自 Starlette（包括 **session cookie**）的所有安全特性。

所有的這些都是可重複使用的工具和套件，可以輕鬆與你的系統、資料儲存（Data Stores）、關聯式資料庫（RDBMS）以及非關聯式資料庫（NoSQL）等等整合。


### 依賴注入（Dependency Injection）

		FreeVersion: fi.TierFreeVersion(),
		Tier:        fi.TransitionTier,
	}

	// etag/md5Sum has already been extracted. We need to
	// remove to avoid it from appearing as part of
	// response headers. e.g, X-Minio-* or X-Amz-*.
	// Tags have also been extracted, we remove that as well.
	objInfo.UserDefined = cleanMetadata(fi.Metadata)

	// All the parts per object.
	objInfo.Parts = fi.Parts

* o corpo do formulário
* o corpo do arquivo
* o corpo da função

* o parâmetro
* o parâmetro de corpo
* o parâmetro de path
* o parâmetro de query
* o parâmetro de cookie
* o parâmetro de header
* o parâmetro de formulário
* o parâmetro da função

* o evento
* o evento de inicialização
* a inicialização do servidor
* o evento de encerramento
* o evento de lifespan

* o manipulador

		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}
	globalNotificationSys.SignalConfigReload(subSys)
	// Tell the client that dynamic config was applied.
	w.Header().Set(madmin.ConfigAppliedHeader, madmin.ConfigAppliedTrue)
}

type badConfigErr struct {
	Err error
}

// Error - return the error message
func (bce badConfigErr) Error() string {

* HTTP Basic.
* **OAuth2** (aussi avec **JWT tokens**). Jetez un oeil au tutoriel [OAuth2 avec JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* Clés d'API dans:
    * Le header.
    * Les paramètres de requêtes.
    * Les cookies, etc.

Plus toutes les fonctionnalités de sécurités venant de Starlette (incluant les **cookies de sessions**).