We verify that we get a `username`, and extract the scopes.

And then we validate that data with the Pydantic model (catching the `ValidationError` exception), and if we get an error reading the JWT token or validating the data with Pydantic, we raise the `HTTPException` we created before.

For that, we update the Pydantic model `TokenData` with a new property `scopes`.

Now that we have **multiple models**, we can update the parts of the app that use them.

We receive in the request a `HeroCreate` *data model*, and from it, we create a `Hero` *table model*.

This new *table model* `Hero` will have the fields sent by the client, and will also have an `id` generated by the database.

And now, we can use `__init__` to declare the parameters of the instance that we can use to "parameterize" the dependency:

{* ../../docs_src/dependencies/tutorial011_an_py39.py hl[9] *}

In this case, **FastAPI** won't ever touch or care about `__init__`, we will use it directly in our code.

## Create an instance { #create-an-instance }

We could create an instance of this class with:

            of those modules are ones that it uses but forgets to list in its own <inherits>, we'd
            like to get an error. Currently we do, but if we add the extra <inherits> lines, we
            won't.

            I have one idea for a better approach, but it's painful, and I haven't tested it: We
            could postprocess Collect.gwt.xml to add <skip> lines for all the files that should be

`get_current_user` will have a dependency with the same `oauth2_scheme` we created before.

The same as we were doing before in the *path operation* directly, our new dependency `get_current_user` will receive a `token` as a `str` from the sub-dependency `oauth2_scheme`:

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Get the user { #get-the-user }

				continue
			}
			if yes := o.shouldSkip(ctx, entry); yes {
				// when we have not enough results, record the skipped entry
				if o.Limit > 0 && results.len() < o.Limit {
					results.lastSkippedEntry = entry.name
				}
				continue
			}
			if o.Limit > 0 && results.len() >= o.Limit {
				// We have enough and we have more.
				// Do not return io.EOF
				if resCh != nil {
					resErr = nil

So, in our example, we can make `tags` be specifically a "list of strings":

{* ../../docs_src/body_nested_models/tutorial002_py310.py hl[12] *}

## Set types { #set-types }

But then we think about it, and realize that tags shouldn't repeat, they would probably be unique strings.

And Python has a special data type for sets of unique items, the `set`.

Then we can declare `tags` as a set of strings:

///

We can also use this same approach to access the request body in an exception handler.

All we need to do is handle the request inside a `try`/`except` block:

{* ../../docs_src/custom_request_and_route/tutorial002.py hl[13,15] *}

If an exception occurs, the`Request` instance will still be in scope, so we can read and make use of the request body when handling the error:

    }

    /**
     * Tests the isCredentialTypeCorrect method with a null byte array.
     * This test is indirect as the constructor would throw an exception.
     * We can't instantiate the class with null, so we can't directly test this method's behavior with null.
     * However, the constructor logic `!isCredentialTypeCorrect()` covers this.

			if header.VersionID != uv {
				continue
			}
		}
		if found {
			continue
		}

		// We need a specific version, skip...
		if versionID != "" && uv != header.VersionID {
			isLatest = false
			succModTime = header.ModTime
			continue
		}

		// We found what we need.
		found = true
		var version xlMetaV2Version
		if _, err := version.unmarshalV(x.metaV, ver.meta); err != nil {