return
		}
		for user := range users {
			checkedUserList = append(checkedUserList, user)
		}
		checkedUserList = append(checkedUserList, globalActiveCred.AccessKey)
	} else {
		for _, user := range users {
			// Validate the user
			_, ok := globalIAMSys.GetUser(ctx, user)
			if !ok {
				continue
			}
			checkedUserList = append(checkedUserList, user)
		}
	}

	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	userDN := r.Form.Get("userDN")

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,

///

```Python hl_lines="10"
{!> ../../docs_src/security/tutorial001.py!}
```

////

But that is still not that useful.

Let's make it give us the current user.

## Create a user model

First, let's create a Pydantic user model.

The same way we use Pydantic to declare bodies, we can use it anywhere else:

//// tab | Python 3.10+

```Python hl_lines="5  12-16"

under the License.
-->

<toolchains>
  <toolchain>
     <type>basic</type>
     <configuration>
       <user>true</user>
     </configuration>
  </toolchain>
  <toolchain>
     <type>rare</type>
     <configuration>
       <user>true</user>
     </configuration>
  </toolchain>

 * If the artifacts are found locally, Maven uses them directly, which speeds
 * up the build process by avoiding unnecessary downloads.</p>
 *
 * <p>By default, the local repository is located in the {@code .m2/repository}
 * directory within the user's home directory ({@code ~/.m2/repository} on
 * Unix-like systems or {@code C:\Users\YourName\.m2\repository} on Windows).

```JSON
{
  "detail": "Not authenticated"
}
```

### Inactive user

Now try with an inactive user, authenticate with:

User: `alice`

Password: `secret2`

And try to use the operation `GET` with the path `/users/me`.

You will get an "Inactive user" error, like:

```JSON
{
  "detail": "Inactive user"
}
```

## Recap

		return nil, err
	}

	m.Range(func(user string, mappedPolicy MappedPolicy) bool {
		if userPredicate != nil && !userPredicate(user) {
			return true
		}
		stsMap[user] = mappedPolicy.Policies
		return true
	})

	for user := range store.getParentUsers(cache) {
		if _, ok := stsMap[user]; !ok {
			if userPredicate != nil && !userPredicate(user) {
				continue
			}
			stsMap[user] = ""

	mappedPolicies := make([]MappedPolicy, len(users))
	g := errgroup.WithNErrs(len(users))

	for index := range users {
		index := index
		g.Go(func() error {
			userName := strings.TrimSuffix(users[index], ".json")
			userMP, err := iamOS.loadMappedPolicyInternal(ctx, userName, userType, isGroup)

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

But in this case, the same **FastAPI** application will handle the API and the authentication.

So, let's review it from that simplified point of view:

* The user types the `username` and `password` in the frontend, and hits `Enter`.