Actualiza `get_current_user` para recibir el mismo token que antes, pero esta vez, usando tokens JWT.

Decodifica el token recibido, verifícalo y devuelve el usuario actual.

Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Actualizar la *path operation* `/token`

Crea un `timedelta` con el tiempo de expiración del token.

    }

    /**
     * Constructs a NegTokenInit by parsing the provided token bytes
     * @param token the SPNEGO token bytes to parse
     * @throws IOException if parsing fails
     */
    public NegTokenInit(final byte[] token) throws IOException {
        parse(token);
    }

    /**
     * Gets the context flags indicating security capabilities

 * <li>TOKEN_NAME - The name of the token parameter.</li>
 * <li>TOKEN_METHOD - The HTTP method to use for the token request (GET or POST).</li>
 * <li>TOKEN_PARAMTERS - The parameters to include in the token request.</li>
 * <li>LOGIN_METHOD - The HTTP method to use for the login request (GET or POST).</li>
 * <li>LOGIN_URL - The URL to send the login request to.</li>

    void testParseRejectsUnknownField() throws Exception {
        ASN1TaggedObject unknown = new DERTaggedObject(true, 7, new DEROctetString(new byte[] { 0x01 }));
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, null, null, unknown);

        IOException ex = assertThrows(IOException.class, () -> new NegTokenInit(token));

Aber er ist signiert. Wenn Sie also einen von Ihnen gesendeten Token zurückerhalten, können Sie überprüfen, ob Sie ihn tatsächlich gesendet haben.

Auf diese Weise können Sie einen Token mit einer Gültigkeitsdauer von beispielsweise einer Woche erstellen. Und wenn der Benutzer am nächsten Tag mit dem Token zurückkommt, wissen Sie, dass der Benutzer immer noch bei Ihrem System angemeldet ist.

        // Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

Update `get_current_user` to receive the same token as before, but this time, using JWT tokens.

Decode the received token, verify it, and return the current user.

If the token is invalid, return an HTTP error right away.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Update the `/token` *path operation* { #update-the-token-path-operation }

        this.targetName = targetName;
    }

    @Override
    public byte[] initSecContext(final byte[] token, final int offset, final int len) throws SmbException {
        return switch (this.state) {
        case 1 -> makeNegotiate(token);
        case 2 -> makeAuthenticate(token);
        default -> throw new SmbException("Invalid state");
        };
    }

    /**

        @Override
        public byte[] initSecContext(byte[] token, int off, int len) throws CIFSException {
            if (token == null) {
                if (len == 0) {
                    return new byte[0];
                }
                throw new CIFSException("token is null but len > 0");
            }
            if (off < 0 || len < 0 || off > token.length || off + len > token.length) {

					s.token = token
					s.done = true
					// When token is not nil, it means the scanning stops
					// with a trailing token, and thus the return value
					// should be true to indicate the existence of the token.
					return token != nil
				}
				s.setErr(err)
				return false
			}
			if !s.advance(advance) {
				return false
			}
			s.token = token
			if token != nil {