response = client.get("/me", headers={"Authorization": "Bearer secrettoken"})
    assert response.status_code == 200
    assert response.json() == {
        "message": "You are authenticated",
        "token": "secrettoken",
    }


def test_get_me_no_credentials(client: TestClient):
    response = client.get("/me")
    assert response.status_code == 403
    assert response.json() == {"detail": "Not authenticated"}

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Den Benutzer abrufen { #get-the-user }

`get_current_user` wird eine von uns erstellte (gefakte) Hilfsfunktion verwenden, welche einen Token vom Typ `str` entgegennimmt und unser Pydantic-`User`-Modell zurückgibt:

    * of NTLMv2 authentication.
    */
    int NTLMSSP_NEGOTIATE_NTLM2 = 0x00080000;

    /**
     * Requests an initial response token.
     */
    int NTLMSSP_REQUEST_INIT_RESPONSE = 0x00100000;

    /**
     * Requests an accept response token.
     */
    int NTLMSSP_REQUEST_ACCEPT_RESPONSE = 0x00200000;

    /**
     * Requests the use of a non-NT session key.
     */

## Explore Further

- [MinIO Client Complete Guide](https://docs.min.io/community/minio-object-store/reference/minio-mc.html)
- [MinIO STS Quickstart Guide](https://docs.min.io/community/minio-object-store/developers/security-token-service.html)

	default:
		return xml.UnmarshalError(fmt.Sprintf("expected element type <LegalHold>/<ObjectLockLegalHold> but have <%s>",
			start.Name.Local))
	}
	for {
		// Read tokens from the XML document in a stream.
		t, err := d.Token()
		if err != nil {
			if err == io.EOF {
				break
			}
			return err
		}

		if se, ok := t.(xml.StartElement); ok {
			switch se.Name.Local {
			case "Status":

# 패스워드 해싱을 이용한 OAuth2, JWT 토큰을 사용하는 Bearer 인증

모든 보안 흐름을 구성했으므로, 이제 <abbr title="JSON Web Tokens">JWT</abbr> 토큰과 패스워드 해싱을 사용해 애플리케이션을 안전하게 만들 것입니다.

이 코드는 실제로 애플리케이션에서 패스워드를 해싱하여 DB에 저장하는 등의 작업에 활용할 수 있습니다.

이전 장에 이어서 시작해 봅시다.

## JWT

JWT 는 "JSON Web Tokens" 을 의미합니다.

JSON 객체를 공백이 없는 긴 문자열로 인코딩하는 표준이며, 다음과 같은 형태입니다:

```

Lá você pode definir:

* O "Item ID", usado no path.
* O "Token" usado como um parâmetro de consulta.

/// tip | Dica

Perceba que a consulta `token` será manipulada por uma dependência.

///

Com isso você pode conectar o WebSocket e então enviar e receber mensagens:

    /**
     * Sends a request to the remote endpoint.
     *
     * @param request the request to send
     * @throws IOException if an I/O error occurs
     */
    protected abstract void doSend(Request request) throws IOException;

    /**
     * Receives a response from the remote endpoint.
     *
     * @param response the response object to populate
     * @throws IOException if an I/O error occurs

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, in a query
                parameter or in an HTTP Bearer token).
                """
            ),
        ] = True,
    ):
        super().__init__(
            location=APIKeyIn.query,
            name=name,
            scheme_name=scheme_name,

	}

	// Validation code
	switch {
	case conf.AWSRoleWebIdentityTokenFile == "" && conf.AWSRoleARN != "" || conf.AWSRoleWebIdentityTokenFile != "" && conf.AWSRoleARN == "":
		return nil, errors.New("both the token file and the role ARN are required")
	case conf.AccessKey == "" && conf.SecretKey != "" || conf.AccessKey != "" && conf.SecretKey == "":
		return nil, errors.New("both the access and secret keys are required")