./mc cp /etc/hosts myminio/test-bucket

./mc idp openid add myminio \
	config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json
./mc ready myminio

        }
        return projectKeys;
    }

    private Collection<String> negate(Collection<String> scopes) {
        Collection<String> result = new HashSet<>();
        Collections.addAll(result, "system", "compile", "provided", "runtime", "test");

        for (String scope : scopes) {
            if ("compile".equals(scope)) {
                result.remove("compile");
                result.remove("system");

 *
 * A type is part of the Gradle public API if and only if its FQCN matches {@link #includes} and does not match {@link #excludes}.
 */
// NOTE: If you update this, please also change .idea/scopes/Gradle_public_API.xml
object PublicApi {
    val includes = listOf(
        "org/gradle/*",
        "org/gradle/api/**",
        "org/gradle/authentication/**",
        "org/gradle/build/**",

MINIO_IDENTITY_OPENID_CLAIM_NAME            (string)    JWT canned policy claim name (default: 'policy')
MINIO_IDENTITY_OPENID_SCOPES                (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"

### `scope` { #scope }

A especificação também diz que o cliente pode enviar outro campo de formulário "`scope`".

O nome do campo do formulário é `scope` (no singular), mas na verdade é uma longa string com "escopos" separados por espaços.

Cada “scope” é apenas uma string (sem espaços).

import org.apache.maven.impl.DefaultRepositoryFactory;
import org.apache.maven.impl.InternalSession;
import org.apache.maven.impl.model.DefaultInterpolator;
import org.apache.maven.impl.resolver.scopes.Maven4ScopeManagerConfiguration;
import org.apache.maven.internal.impl.DefaultSession;
import org.codehaus.plexus.PlexusContainer;
import org.codehaus.plexus.testing.PlexusTest;

        return "user"

    app = FastAPI()

    @app.get("/")
    def endpoint(
        db: Annotated[str, Depends(get_db)],
        user: Annotated[str, Security(get_user, scopes=["read"])],
    ):
        return {"db": db}

    return app


@pytest.fixture(name="client")
def client_fixture(app: FastAPI):
    return TestClient(app)

                            "title": "Password",
                            "type": "string",
                            "format": "password",
                        },
                        "scope": {"title": "Scope", "type": "string", "default": ""},
                        "client_id": {
                            "title": "Client Id",
                            "anyOf": [{"type": "string"}, {"type": "null"}],

* Никогда не храните пароли в открытом виде, только хэши паролей.
* Реализуйте и используйте известные криптографические инструменты, например pwdlib и JWT-токены, и т.д.
* Добавьте более тонкое управление доступом с помощью OAuth2 scopes (областей) там, где это необходимо.
* ...и т.п.

func (cs *callbacks) Row() *processor {
	return cs.processors["row"]
}

func (cs *callbacks) Raw() *processor {
	return cs.processors["raw"]
}

func (p *processor) Execute(db *DB) *DB {
	// call scopes
	for len(db.Statement.scopes) > 0 {
		db = db.executeScopes()
	}

	var (
		curTime           = time.Now()
		stmt              = db.Statement
		resetBuildClauses bool
	)

	if len(stmt.BuildClauses) == 0 {