try {
            // Measure timing for differences at different positions
            long timeStart = measureEqualsTime(baseAuth, startAuth, TIMING_ITERATIONS);
            long timeMiddle = measureEqualsTime(baseAuth, middleAuth, TIMING_ITERATIONS);
            long timeEnd = measureEqualsTime(baseAuth, endAuth, TIMING_ITERATIONS);

            // Calculate relative timing differences

            // Log the size mismatch for debugging but don't throw exception
            // This can occur due to padding alignment differences between size8() and pad8()
            if (log.isDebugEnabled()) {
                log.debug("Size calculation mismatch: expected {} but got {} (difference: {})", exp, actual, actual - exp);
            }
        }
        return len;
    }

    /**
     * {@inheritDoc}

Also, the best approach was to use already existing standards.

So, before even starting to code **FastAPI**, I spent several months studying the specs for OpenAPI, JSON Schema, OAuth2, etc. Understanding their relationship, overlap, and differences.

## Design { #design }

Then I spent some time designing the developer "API" I wanted to have as a user (as a developer using FastAPI).

* And it could also have a declaration of the response it should return, e.g. `response_model=InvoiceEventReceived`.

{* ../../docs_src/openapi_callbacks/tutorial001.py hl[16:18,21:22,28:32] *}

There are 2 main differences from a normal *path operation*:

* It doesn't need to have any actual code, because your app will never call this code. It's only used to document the *external API*. So, the function could just have `pass`.

The MinIO Security Token Service (STS) is an endpoint service that enables clients to request temporary credentials for MinIO resources. Temporary credentials work almost identically to default admin credentials, with some differences:

All the data conversion, validation, documentation, etc. will still work as normally.

That way, we can declare just the differences between the models (with plaintext `password`, with `hashed_password` and without password):

{* ../../docs_src/extra_models/tutorial002_py310.py hl[7,13:14,17:18,21:22] *}

## `Union` or `anyOf` { #union-or-anyof }

   *
   * <p>This fit minimizes the root-mean-square error in {@code y} as a function of {@code x}. This
   * error is defined as the square root of the mean of the squares of the differences between the
   * actual {@code y} values of the data and the values predicted by the fit for the {@code x}
   * values (i.e. it is the square root of the mean of the squares of the vertical distances between

      ).build()
  }

  private fun buildServerSslSocketFactory(): SSLSocketFactory {
    // The test uses JDK default SSL Context instead of the Platform provided one
    // as Conscrypt seems to have some differences, we only want to test client side here.
    return try {
      val keyManager =
        newKeyManager(
          null,
          serverCert,
          serverIntermediateCa.certificate,
        )

        PacDataInputStream pacStream = new PacDataInputStream(bais);

        Date date = pacStream.readFiletime();
        assertNotNull(date);
        // The date should be around 1970 (allowing for some conversion differences)
        assertTrue(date.getYear() + 1900 >= 1969 && date.getYear() + 1900 <= 1971);
    }

    @Test
    @DisplayName("Test invalid FILETIME handling")
    void testInvalidFiletime() throws Exception {

{* ../../docs_src/sql_databases/tutorial001_an_py310.py ln[1:11] hl[7:11] *}

The `Hero` class is very similar to a Pydantic model (in fact, underneath, it actually *is a Pydantic model*).

There are a few differences:

* `table=True` tells SQLModel that this is a *table model*, it should represent a **table** in the SQL database, it's not just a *data model* (as would be any other regular Pydantic class).