}

    /**
     * Creates an encrypted user code from a user ID.
     * The user ID is encrypted using the primary cipher and validated against the configuration.
     *
     * @param userCode the raw user ID to encrypt
     * @return the encrypted and validated user code, or null if invalid
     */
    protected String createUserCodeFromUserId(String userCode) {

## Notes { #notes }

When you return a `Response` directly its data is not validated, converted (serialized), or documented automatically.

But you can still document it as described in [Additional Responses in OpenAPI](additional-responses.md).

 * to be used during the operation. If no repositories are specified (null),
 * the session's default remote repositories will be used. The repositories
 * are validated to ensure they don't contain duplicates or null entries.
 *
 * <p>Remote repositories are used for:
 * <ul>
 *   <li>Resolving artifacts and their metadata</li>
 *   <li>Downloading parent POMs and dependency POMs</li>

You can actually use this same technique with an HTTP `PUT` operation.

But the example here uses `PATCH` because it was created for these use cases.

///

/// note

Notice that the input model is still validated.

So, if you want to receive partial updates that can omit all the attributes, you need to have a model with all the attributes marked as optional (with default values or `None`).

AssumeRoleWithClientGrants does not require the use of MinIO default credentials. Therefore, client application can be distributed that requests temporary security credentials without including MinIO default credentials. Instead, the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls...

* `limit`: with a value of `10`

As they are part of the URL, they are "naturally" strings.

But when you declare them with Python types (in the example above, as `int`), they are converted to that type and validated against it.

All the same process that applied for path parameters also applies for query parameters:

* Editor support (obviously)

	if err != nil {
		return nil, false, fmt.Errorf("Error looking up DN %s: %w", dn, err)
	}
	if searchRes == nil {
		return nil, false, nil
	}

	// This will not return an error as the argument is validated to be a DN.
	pdn, _ := ldap.ParseDN(searchRes.NormDN)

	// Check that the DN is under a configured base DN in the LDAP
	// directory.
	for _, baseDN := range baseDNList {
		if baseDN.Parsed.AncestorOf(pdn) {

	args := Args{}

	if err := s.CheckValidKeys(config.PolicyPluginSubSys, nil); err != nil {
		return args, err
	}

	getCfg := func(cfgParam string) string {
		// As parameters are already validated, we skip checking
		// if the config param was found.
		val, _, _ := s.ResolveConfigParam(config.PolicyPluginSubSys, config.Default, cfgParam, false)
		return val
	}

	pluginURL := getCfg(URL)

    checkArgument(validateSyntax(parts), "Not a valid domain name: '%s'", name);
  }

  /**
   * Internal constructor that skips validations when creating an instance from parts of an
   * already-validated InternetDomainName, as in {@link ancestor}.
   */
  private InternetDomainName(String name, ImmutableList<String> parts) {
    checkArgument(!parts.isEmpty(), "Cannot create an InternetDomainName with zero parts.");

{* ../../docs_src/path_operation_advanced_configuration/tutorial007_py310.py hl[24:31] *}

/// tip

Here we reuse the same Pydantic model.

But the same way, we could have validated it in some other way.