)

// Provider implements identity provider specific admin operations, such as
// looking up users, fetching additional attributes etc.
type Provider interface {
	LoginWithUser(username, password string) error
	LoginWithClientID(clientID, clientSecret string) error
	LookupUser(userid string) (User, error)

## Получить пользователя { #get-the-user }

`get_current_user` будет использовать созданную нами (ненастоящую) служебную функцию, которая принимает токен типа `str` и возвращает нашу Pydantic-модель `User`:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## Внедрить текущего пользователя { #inject-the-current-user }

The following example shows how to get the details of the user with `{userid}` from `{realm}` realm:

```
curl \
  -H "Authorization: Bearer eyJhbGciOiJSUz..." \
  "http://localhost:8080/auth/admin/realms/{realm}/users/{userid}"
```

### Configure MinIO

```
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123
minio server /mnt/export

		return nil, err
	}

	m.Range(func(user string, mappedPolicy MappedPolicy) bool {
		if userPredicate != nil && !userPredicate(user) {
			return true
		}
		stsMap[user] = mappedPolicy.Policies
		return true
	})

	for user := range store.getParentUsers(cache) {
		if _, ok := stsMap[user]; !ok {
			if userPredicate != nil && !userPredicate(user) {
				continue
			}
			stsMap[user] = ""

As it's running **locally**, and not in the open internet, you decide to **not have any authentication** set up, just trusting the access to the local network.

Then one of your users could install it and run it locally.

Then they could open a malicious website, e.g. something like

```
https://evilhackers.example.com
```

	if user6.Name != "find or init" || user6.ID == 0 || user6.Age != 44 {
		t.Errorf("user should be found and updated with assigned attrs")
	}
}

func TestFindOrCreate(t *testing.T) {
	var user1, user2, user3, user4, user5, user6, user7, user8 User
	if err := DB.Where(&User{Name: "find or create", Age: 33}).FirstOrCreate(&user1).Error; err != nil {
		t.Errorf("no error should happen when FirstOrInit, but got %v", err)
	}

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

Esto será especialmente útil cuando lo uses en una **gran code base** donde uses **las mismas dependencias** una y otra vez en **muchas *path operations***.

## Usar `async` o no usar `async` { #to-async-or-not-to-async }

	userIdentities := make([]UserIdentity, len(users))
	g := errgroup.WithNErrs(len(users))

	for index := range users {
		g.Go(func() error {
			userName := path.Dir(users[index])
			user, err := iamOS.loadUserIdentity(ctx, userName, userType)
			if err != nil && !errors.Is(err, errNoSuchUser) {
				return fmt.Errorf("unable to load the user `%s`: %w", userName, err)

# If the first character of an item is a question mark, the load will silently fail if the file does not exist.
${includes} = ?"${maven.user.conf}/maven-user.properties", \