* limitations under the License.
 */
package okhttp3.tls.internal

import java.lang.reflect.InvocationTargetException
import java.lang.reflect.Method
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.X509TrustManager

/** This extends [X509TrustManager] for Android to disable verification for a set of hosts. */

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Die *Pfadoperation* `/token` aktualisieren { #update-the-token-path-operation }

Erstellen Sie ein <abbr title="Zeitdifferenz">`timedelta`</abbr> mit der Ablaufzeit des Tokens.

Erstellen Sie einen echten JWT-Zugriffstoken und geben Sie ihn zurück.

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Actualizar la *path operation* `/token` { #update-the-token-path-operation }

Crea un `timedelta` con el tiempo de expiración del token.

Crea un verdadero token de acceso JWT y devuélvelo.

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

     * @return The HTML response.
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse index() {
        return asListHtml();
    }

    /**
     * Show the list page.
     * @param pageNumber The page number.
     * @param form The search form.
     * @return The HTML response.
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })

 * governing permissions and limitations under the License.
 */
package org.codelibs.core.security;

import static org.codelibs.core.misc.AssertionUtil.assertArgumentNotEmpty;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.codelibs.core.exception.ClIllegalStateException;

import android.os.Build;
import androidx.test.ext.junit.runners.AndroidJUnit4;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.kerberos.KerberosKey;

import org.bouncycastle.asn1.ASN1EncodableVector;

In the next chapters, I'll give you more **concrete recipes** to deploy FastAPI applications.

But for now, let's check these important **conceptual ideas**. These concepts also apply to any other type of web API. 💡

## Security - HTTPS { #security-https }

In the [previous chapter about HTTPS](https.md){.internal-link target=_blank} we learned about how HTTPS provides encryption for your API.

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyHeader
from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyHeader(name="key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyHeader
from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyHeader(name="key", description="An API Key Header")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user