<img src="/img/tutorial/security/image10.png">

/// note | 備考

ヘッダーの`Authorization`には、`Bearer`で始まる値があります。

///

## `scopes` を使った高度なユースケース

OAuth2には、「スコープ」という概念があります。

これらを利用して、JWTトークンに特定の権限セットを追加することができます。

そして、このトークンをユーザーに直接、または第三者に与えて、制限付きでAPIを操作できます。

これらの使用方法や**FastAPI**への統合方法については、**高度なユーザーガイド**で後ほど説明します。

## 0.13.0

* Improve/upgrade OAuth2 scopes support with `SecurityScopes`:
    * `SecurityScopes` can be declared as a parameter like `Request`, to get the scopes of all super-dependencies/dependants.
    * Improve `Security` handling, merging scopes when declaring `SecurityScopes`.

pkg go/types, method (*Scope) Child(int) *Scope
pkg go/types, method (*Scope) Contains(token.Pos) bool
pkg go/types, method (*Scope) End() token.Pos
pkg go/types, method (*Scope) Innermost(token.Pos) *Scope
pkg go/types, method (*Scope) Insert(Object) Object
pkg go/types, method (*Scope) Len() int
pkg go/types, method (*Scope) Lookup(string) Object
pkg go/types, method (*Scope) LookupParent(string, token.Pos) (*Scope, Object)

			fmt.Sprintf("config_url=%s/.well-known/openid-configuration", testApp.ProviderURL),
			fmt.Sprintf("client_id=%s", testApp.ClientID),
			fmt.Sprintf("client_secret=%s", testApp.ClientSecret),
			"scopes=openid,groups",
			fmt.Sprintf("redirect_uri=%s", testApp.RedirectURL),
		}
		if rolePolicies[i] != "" {
			configCmds = append(configCmds, fmt.Sprintf("role_policy=%s", rolePolicies[i]))
		} else {

    making RNNCells act more like Keras layers.
    *   If an RNNCell is used twice in two different variable scopes, an error
        is raised describing how to avoid this behavior.
    *   If an RNNCell is used in a variable scope with existing conflicting
        variables, an error is raised showing that the RNNCell must be
        constructed with argument `reuse=True`.

    * Role bindings since the default scopes now include the "userinfo.email"
    * scope. This is a breaking change if the numeric uniqueIDs of the Google
    * service accounts were being used in RBAC role bindings. The behavior
    * can be overridden by explicitly specifying the scope values as
    * comma-separated string in the "users[*].config.scopes" field in the
    * KUBECONFIG file.

        byte[] dst = new byte[100];

        int length = name.writeWireFormat(dst, 0);

        // Scope should start at position 33 with a length byte (not '.')
        // The first byte after encoding would be the length of "scope"
        assertEquals(5, dst[33]); // Length of "scope"

        // Verify total length includes scope

  <name>Maven Integration Test :: it0063</name>
  <description>Test the use of a system scoped dependency to a (fake) tools.jar.</description>

  <dependencies>
    <dependency>
      <groupId>com.sun</groupId>
      <artifactId>tools</artifactId>
      <version>1.4.2</version>
      <scope>system</scope>
      <systemPath>${jre.home}/../lib/tools.jar</systemPath>
    </dependency>
  </dependencies>

        artifact = getArtifact(project, "maven-test-test", "scope-default");
        assertEquals("test", artifact.getScope(), "Check scope");
        artifact = getArtifact(project, "maven-test-test", "scope-runtime");
        assertEquals("test", artifact.getScope(), "Check scope");

        // check all transitive deps of a provided dependency are provided scope, except for test

ecret","value":""},{"key":"claim_name","value":"policy"},{"key":"claim_userinfo","value":""},{"key":"role_policy","value":""},{"key":"claim_prefix","value":""},{"key":"redirect_uri","value":""},{"key":"redirect_uri_dynamic","value":"off"},{"key":"scopes","value":""},{"key":"vendor","value":""},{"key":"keycloak_realm","value":""},{"key":"keycloak_admin_url","value":""}]},"identity_plugin":{"_":[{"key":"url","value":""},{"key":"auth_token","value":""},{"key":"role_policy","value":""},{"key":"role_...