* }</pre>
 *
 * <h2>When to Use DomUtils</h2>
 * <p>Use DomUtils methods when you need:
 * <ul>
 * <li>Maven-specific element ordering (insertNewElement, insertContentElement)</li>
 * <li>High-level helpers (addGAVElements, createDependency, createPlugin)</li>
 * <li>Null-safe operations (updateElementContent, removeElement)</li>
 * <li>Update-or-create patterns (updateOrCreateChildElement)</li>
 * </ul>
 *

In diese Exception fügen wir (falls vorhanden) die erforderlichen Scopes als durch Leerzeichen getrennten String ein (unter Verwendung von `scope_str`). Wir fügen diesen String mit den Scopes in den Header `WWW-Authenticate` ein (das ist Teil der Spezifikation).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Den `username` und das Format der Daten überprüfen { #verify-the-username-and-data-shape }

En esta excepción, incluimos los scopes requeridos (si los hay) como un string separado por espacios (usando `scope_str`). Ponemos ese string que contiene los scopes en el header `WWW-Authenticate` (esto es parte de la especificación).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verificar el `username` y la forma de los datos { #verify-the-username-and-data-shape }

     -->

    <!-- SLF4J -->
    <exportedPackage>org.slf4j.*</exportedPackage>
    <exportedPackage>org.slf4j.spi.*</exportedPackage>
    <exportedPackage>org.slf4j.helpers.*</exportedPackage>
    <exportedPackage>org.slf4j.event.*</exportedPackage>
  </exportedPackages>

  <exportedArtifacts>
    <!-- maven 4 api -->

		return
	}

	// Ensure body content type is opaque to ensure that request body has not
	// been interpreted as form data.
	contentType := r.Header.Get("Content-Type")
	if contentType != "application/octet-stream" {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL)
		return
	}

	password := cred.SecretKey

	defer cancel()

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, serverURL.String(), nil)
	if err != nil {
		return err
	}
	// Indicate that the liveness check for a peer call
	req.Header.Set(xhttp.MinIOPeerCall, "true")

	resp, err := httpClient.Do(req)
	if err != nil {
		return err
	}
	xhttp.DrainBody(resp.Body)

	return nil
}

<img src="/img/tutorial/security/image10.png">

/// note

Notice the header `Authorization`, with a value that starts with `Bearer `.

///

## Advanced usage with `scopes` { #advanced-usage-with-scopes }

OAuth2 has the notion of "scopes".

/// tip | Підказка

Ми використовуємо `Query()`, оскільки це **query параметр**. Далі ми розглянемо інші варіанти, як-от `Path()`, `Body()`, `Header()` та `Cookie()`, які приймають ті самі аргументи, що й `Query()`.

///

Тепер FastAPI:

* **Перевірить** дані, щоб переконатися, що їхня довжина не перевищує 50 символів

			newSetCounts[ss] = struct{}{}
		}
	}

	setCounts = []uint64{}
	for setCount := range newSetCounts {
		setCounts = append(setCounts, setCount)
	}

	// Not necessarily needed but it ensures to the readers
	// eyes that we prefer a sorted setCount slice for the
	// subsequent function to figure out the right common
	// divisor, it avoids loops.
	slices.Sort(setCounts)

	return setCounts
}

In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }