private final String username;

    public SpnegoCredential(final String username) {
        this.username = username;
    }

    @Override
    public String getUserId() {
        return username;
    }

    @Override
    public String toString() {
        return "{" + username + "}";
    }

app = FastAPI()

oid = OpenIdConnect(openIdConnectUrl="/openid", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: Optional[str] = Security(oid)):
    if oauth_header is None:
        return None
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: Optional[User] = Depends(get_current_user)):

    public void update(final User user) {
        final String username = user.getName();
        final String password = user.getOriginalPassword();
        changePassword(username, password);
    }

    @Override
    public void delete(final User user) {
        final String username = user.getName();
        if (isTargetUser(username)) {
            executeCommand(deleteCommand, username, StringUtil.EMPTY);
        }
    }

                    "required": IsOneOf(
                        ["username", "email", "full_name"],
                        # TODO: remove when deprecating Pydantic v1
                        ["username", "email"],
                    ),
                    "type": "object",
                    "properties": {
                        "username": {"title": "Username", "type": "string"},
                        "email": {

    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = TokenData(username=username)
    except JWTError:
        raise credentials_exception
    user = get_user(fake_users_db, username=token_data.username)
    if user is None:
        raise credentials_exception
    return user

Um dies zu lösen, konvertieren wir zunächst den `username` und das `password` in UTF-8-codierte `bytes`.

Dann können wir `secrets.compare_digest()` verwenden, um sicherzustellen, dass `credentials.username` `"stanleyjobson"` und `credentials.password` `"swordfish"` ist.

=== "Python 3.9+"

    ```Python hl_lines="1  12-24"

	currTime := UTCNow()

	var (
		username = cred.AccessKey
		claims   = cred.Claims
		groups   = cred.Groups
	)

	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		username = cred.ParentUser
	}

	principalType := "Anonymous"
	if username != "" {
		principalType = "User"
		if len(claims) > 0 {

UserInDB(**user_dict)
```

dann ist das ungefähr äquivalent zu:

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

Oder, präziser, `user_dict` wird direkt verwendet, welche Werte es auch immer haben mag:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],

        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_scopes = payload.get("scopes", [])
        token_data = TokenData(scopes=token_scopes, username=username)
    except (JWTError, ValidationError):
        raise credentials_exception
    user = get_user(fake_users_db, username=token_data.username)
    if user is None:

        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_scopes = payload.get("scopes", [])
        token_data = TokenData(scopes=token_scopes, username=username)
    except (JWTError, ValidationError):
        raise credentials_exception
    user = get_user(fake_users_db, username=token_data.username)
    if user is None: