}
        }
    }

    static MyToken getNextUniqueToken(final PriorityQueue<MyToken> que, final MyToken prev) {
        while (true) {
            final MyToken token = que.poll();
            if (token == null) {
                return null;
            }
            if (prev == null || !prev.identical(token)) {
                return token;
            }
        }
    }

    private static SpnegoToken getToken(final byte[] token, final int off, final int len) throws SpnegoException {
        byte[] b = new byte[len];
        if (off == 0 && token.length == len) {
            b = token;
        } else {
            System.arraycopy(token, off, b, 0, len);
        }
        return getToken(b);
    }

    private static SpnegoToken getToken(final byte[] token) throws SpnegoException {

    response = client.put(
        "/items/bar?token=jessica", headers={"X-Token": "fake-super-secret-token"}
    )
    assert response.status_code == 403, response.text
    assert response.json() == {"detail": "You can only update the item: plumbus"}


def test_admin(client: TestClient):
    response = client.post(
        "/admin/?token=jessica", headers={"X-Token": "fake-super-secret-token"}
    )

        // Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

Actualiza `get_current_user` para recibir el mismo token que antes, pero esta vez, usando tokens JWT.

Decodifica el token recibido, verifícalo y devuelve el usuario actual.

Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Actualizar la *path operation* `/token` { #update-the-token-path-operation }

Update `get_current_user` to receive the same token as before, but this time, using JWT tokens.

Decode the received token, verify it, and return the current user.

If the token is invalid, return an HTTP error right away.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Update the `/token` *path operation* { #update-the-token-path-operation }

    }

    /**
     * Constructs a NegTokenInit by parsing the provided token bytes
     * @param token the SPNEGO token bytes to parse
     * @throws IOException if parsing fails
     */
    public NegTokenInit(final byte[] token) throws IOException {
        parse(token);
    }

    /**
     * Gets the context flags indicating security capabilities

 * <li>TOKEN_NAME - The name of the token parameter.</li>
 * <li>TOKEN_METHOD - The HTTP method to use for the token request (GET or POST).</li>
 * <li>TOKEN_PARAMTERS - The parameters to include in the token request.</li>
 * <li>LOGIN_METHOD - The HTTP method to use for the login request (GET or POST).</li>
 * <li>LOGIN_URL - The URL to send the login request to.</li>

Aber er ist signiert. Wenn Sie also einen von Ihnen gesendeten Token zurückerhalten, können Sie überprüfen, ob Sie ihn tatsächlich gesendet haben.

Auf diese Weise können Sie einen Token mit einer Gültigkeitsdauer von beispielsweise einer Woche erstellen. Und wenn der Benutzer am nächsten Tag mit dem Token zurückkommt, wissen Sie, dass der Benutzer immer noch bei Ihrem System angemeldet ist.

    void testParseRejectsUnknownField() throws Exception {
        ASN1TaggedObject unknown = new DERTaggedObject(true, 7, new DEROctetString(new byte[] { 0x01 }));
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, null, null, unknown);

        IOException ex = assertThrows(IOException.class, () -> new NegTokenInit(token));