{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Get the user { #get-the-user }

`get_current_user` will use a (fake) utility function we created, that takes a token as a `str` and returns our Pydantic `User` model:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27]...

                            state = 0;
                            break;
                        }

                        try {
                            token = nctx.initSecContext(token, 0, token.length);
                        } catch (final SmbException se) {
                            /* We must close the transport or the server will be expecting a

	  #     value: "image/*" # match objects with 'content-type', with all values starting with 'image/'

	notify:
	  endpoint: "https://notify.endpoint" # notification endpoint to receive job status events
	  token: "Bearer xxxxx" # optional authentication token for the notification endpoint

	retry:
	  attempts: 10 # number of retries for the job before giving up
	  delay: "500ms" # least amount of delay between each retry
```

///

## Retorne o token

A resposta do endpoint `token` deve ser um objeto JSON.

Deve ter um `token_type`. No nosso caso, como estamos usando tokens "Bearer", o tipo de token deve ser "`bearer`".

E deve ter um `access_token`, com uma string contendo nosso token de acesso.

Para este exemplo simples, seremos completamente inseguros e retornaremos o mesmo `username` do token.

/// tip | Dica

import org.junit.jupiter.api.Test;

import jcifs.pac.PACDecodingException;

/**
 * Tests for KerberosEncData.
 */
class KerberosEncDataTest {

    /**
     * Test constructor with a valid token.
     *
     * @throws IOException if an I/O error occurs
     * @throws PACDecodingException if a PAC decoding error occurs
     * @throws UnknownHostException if the IP address is not found
     */
    @Test

            false, false, false, "keyword", 0, 0, null, null, false, null, null, null, null, null, false);
    protected final ColumnInfo _columnToken = cci("token", "token", null, null, String.class, "token", null, false, false, false, "keyword",
            0, 0, null, null, false, null, null, null, null, null, false);

		ll: &localLocker{
			mutex:   sync.Mutex{},
			lockMap: make(map[string][]lockRequesterInfo),
		},
	}
	creds := globalActiveCred
	token, err := authenticateNode(creds.AccessKey, creds.SecretKey)
	if err != nil {
		t.Fatal(err)
	}
	return fsDir, locker, token
}

// Test function to remove lock entries from map based on name & uid combination
func TestLockRpcServerRemoveEntry(t *testing.T) {

Das ist derselbe Mechanismus, der verwendet wird, wenn Sie beim Anmelden mit Facebook, Google, GitHub, usw. Berechtigungen erteilen:

<img src="/img/tutorial/security/image11.png">

## JWT-Token mit Scopes

Ändern Sie nun die Token-*Pfadoperation*, um die angeforderten Scopes zurückzugeben.

    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read

    steps:
      - name: "Checkout code"