</p>
<p align="center">
<a href="https://github.com/fastapi/fastapi/actions?query=workflow%3ATest+event%3Apush+branch%3Amaster" target="_blank">
    <img src="https://github.com/fastapi/fastapi/actions/workflows/test.yml/badge.svg?event=push&branch=master" alt="Test">
</a>
<a href="https://coverage-badge.samuelcolvin.workers.dev/redirect/fastapi/fastapi" target="_blank">

  avatarUrl: https://avatars.githubusercontent.com/u/109919500?u=b9b13d598dddfab529a52d264df80a900bfe7060&v=4
  url: https://github.com/YuriiMotov
- login: github-actions
  count: 769
  avatarUrl: https://avatars.githubusercontent.com/in/15368?v=4
  url: https://github.com/apps/github-actions
- login: Kludex
  count: 654
  avatarUrl: https://avatars.githubusercontent.com/u/7353520?u=df8a3f06ba8f55ae1967a3e2d5ed882903a4e330&v=4

        # Don't remove en dist_path as it might already contain other languages.
        # When running build_all(), that function already removes site_path.
        # All this is only relevant locally, on GitHub Actions all this is done through
        # artifacts and multiple workflows, so it doesn't matter if directories are
        # removed or not.
    else:
        dist_path = site_path / lang

			policy: `{"Effect": "Allow",
				"Action": ["admin:KMSCreateKey"] }`,

			wantStatusCode: http.StatusOK,
		},
		{
			name:   "create key as user set policy to non matching resource want success",
			method: http.MethodPost,
			path:   kmsAdminKeyCreate,
			query:  map[string]string{"key-id": "third-new-test-key"},
			asRoot: false,

			// Admin actions ignore Resources
			policy: `{"Effect": "Allow",

Then you could add permissions about that entity, like "drive" (for the car) or "edit" (for the blog).

And then, you could give that JWT token to a user (or bot), and they could use it to perform those actions (drive the car, or edit the blog post) without even needing to have an account, just with the JWT token your API generated for that.

Using these ideas, JWT can be used for way more sophisticated scenarios.

The MinIO server requires an available KMS to en/decrypt SSE-S3 encrypted objects. Therefore it is possible to erase or lock some or all encrypted objects. For example in case of a detected attack or other emergency situations the following actions can be taken:

loads the MinIO console on their browser, and selects the OpenID Provider they wish to use (the `MINIO_IDENTITY_OPENID_DISPLAY_NAME` value is shown here). The user is then redirected to the OpenID provider's login page and performs necessary login actions (e.g. entering credentials, responding to MFA authentication challenges, etc). After successful login, the user is redirected back to the MinIO console. This redirect URL is specified as a parameter by MinIO when the user is redirected to the OpenID...

| `minio_node_ilm_action_count_delete_action`                  | Total action outcome of lifecycle checks since server start for deleting object                            |

				batchLogIf(ctx, result.Err)
				continue
			}
			if result.Item.DeleteMarker {
				deleteMarkerCountMap[result.Item.Name]++
			}
			// Apply filter to find the matching rule to apply expiry
			// actions accordingly.
			// nolint:gocritic
			if result.Item.IsLatest {
				var match BatchJobExpireFilter
				var found bool
				for _, rule := range r.Rules {
					if rule.Matches(result.Item, now) {

	if tw.err != nil {
		return tw.err
	}

	// Trailer: two zero blocks.
	err := tw.Flush()
	for i := 0; i < 2 && err == nil; i++ {
		_, err = tw.w.Write(zeroBlock[:])
	}

	// Ensure all future actions are invalid.
	tw.err = ErrWriteAfterClose
	return err // Report IO errors
}

// regFileWriter is a fileWriter for writing data to a regular file entry.
type regFileWriter struct {