Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Actualizar la *path operation* `/token` { #update-the-token-path-operation }

Crea un `timedelta` con el tiempo de expiración del token.

Crea un verdadero token de acceso JWT y devuélvelo.

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.platform

import java.security.KeyStore
import java.security.Provider
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSession
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManager

	quarkus/test-framework/security-oidc/pom.xml
	quarkus/test-framework/junit5/pom.xml
	quarkus/extensions/elytron-security-properties-file/deployment/pom.xml
quarkus/extensions/elytron-security-oauth2/deployment/pom.xml
	quarkus/core/deployment/pom.xml
	quarkus/extensions/elytron-security-oauth2/runtime/pom.xml
	quarkus/extensions/elytron-security/deployment/pom.xml
	quarkus/extensions/jsonp/deployment/pom.xml

from typing import Optional

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyHeader
from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyHeader(name="key", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: Optional[str] = Security(api_key)):
    if oauth_header is None:
        return None

Serious about security
======================

Square recognizes the important contributions the security research community
can make. We therefore encourage reporting security issues with the code
contained in this repository.

If you believe you have discovered a security vulnerability, please follow the

 * limitations under the License.
 */
package okhttp3.tls.internal

import java.lang.reflect.InvocationTargetException
import java.lang.reflect.Method
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.X509TrustManager

/** This extends [X509TrustManager] for Android to disable verification for a set of hosts. */

import android.os.Build;
import androidx.test.ext.junit.runners.AndroidJUnit4;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.security import HTTPBasic, HTTPBasicCredentials

app = FastAPI()

security = HTTPBasic()


@app.get("/users/me")
def read_current_user(credentials: Annotated[HTTPBasicCredentials, Depends(security)]):

# This is more or less a workaround to make Depends and Security hashable
# as other tools that use them depend on that
# Ref: https://github.com/fastapi/fastapi/pull/14320

from fastapi import Depends, Security


def dep():
    pass


def test_depends_hashable():
    dep()  # just for coverage
    d1 = Depends(dep)
    d2 = Depends(dep)
    d3 = Depends(dep, scope="function")
    d4 = Depends(dep, scope="function")

Clique no botão "Authorize".

Use as credenciais:

User: `johndoe`

Password: `secret`

<img src="/img/tutorial/security/image04.png">

Após autenticar no sistema, você verá assim:

<img src="/img/tutorial/security/image05.png">

### Obtenha seus próprios dados de usuário { #get-your-own-user-data }

Agora use a operação `GET` com o caminho `/users/me`.