"http://localhost:8080/auth/realms/minio/.well-known/openid-configuration",
		"OpenID discovery document endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSec, "csec", "", "Client Secret")
	flag.StringVar(&clientScopes, "cscopes", "openid", "Client Scopes")
	flag.IntVar(&port, "port", 8080, "Port")
}

func implicitFlowURL(c oauth2.Config, state string) string {
	var buf bytes.Buffer

  - Navigate to service provider section, expand Inbound Authentication Configurations and expand OAuth/OpenID Connect Configuration.
    - Copy the OAuth Client Key as the value for `<CLIENT_ID>`.
    - Copy the OAuth Client Secret as the value for `<CLIENT_SECRET>`.
  - By default, `<IS_HOST>` is localhost. However, if using a public IP, the respective IP address or domain needs to be specified.

# Geração de Projetos - Modelo

Você pode usar um gerador de projetos para começar, por já incluir configurações iniciais, segurança, banco de dados e os primeiros _endpoints_ API já feitos para você.

Um gerador de projetos sempre terá uma pré-configuração que você pode atualizar e adaptar para suas próprias necessidades, mas pode ser um bom ponto de partida para seu projeto.

## Full Stack FastAPI PostgreSQL

### Authentifizieren

Klicken Sie auf den Button „Authorize“.

Verwenden Sie die Anmeldedaten:

Benutzer: `johndoe`

Passwort: `secret`.

<img src="/img/tutorial/security/image04.png">

Nach der Authentifizierung im System sehen Sie Folgendes:

<img src="/img/tutorial/security/image05.png">

### Die eigenen Benutzerdaten ansehen

| [**AssumeRole**](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)   | Let MinIO users request temporary credentials using user access and secret keys.                                                              |

### Understanding JWT Claims

> NOTE: JWT claims are only meant for WebIdentity and ClientGrants.

Additionally, we create a `secret_name` for the hero, but so far, we are returning it everywhere, that's not very **secret**... 😅

We'll fix these things by adding a few **extra models**. Here's where SQLModel will shine. ✨

### Create Multiple Models

In **SQLModel**, any model class that has `table=True` is a **table model**.

labels.crawling_info_DataCrawlExecTime	=	Temps d'exécution de l'exploration (magasin de données)
labels.crawling_info_DataCrawlStartTime	=	Heure de début de l'exploration (magasin de données)
labels.crawling_info_DataCrawlEndTime	=	Heure de fin de l'exploration (magasin de données)
labels.crawling_info_DataIndexExecTime	=	Heure d'exécution de l'indexation (magasin de données)
labels.crawling_info_DataIndexSize	=	Taille de l'index (magasin de données)

	"errors"
	"io"
	"path"

	"github.com/minio/minio/internal/fips"
	"github.com/minio/minio/internal/hash/sha256"
	"github.com/minio/minio/internal/logger"
	"github.com/minio/sio"
)

// ObjectKey is a 256 bit secret key used to encrypt the object.
// It must never be stored in plaintext.
type ObjectKey [32]byte

// GenerateKey generates a unique ObjectKey from a 256 bit external key

option go_package = "k8s.io/api/authentication/v1";

// BoundObjectReference is a reference to an object that a token is bound to.
message BoundObjectReference {
  // Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
  // +optional
  optional string kind = 1;

  // API version of the referent.
  // +optional
  optional string apiVersion = 2;

  // Name of the referent.
  // +optional
  optional string name = 3;

func (r *Config) PopulatePublicKey(arn arn.ARN) error {
	pCfg := r.arnProviderCfgsMap[arn]
	if pCfg.JWKS.URL == nil || pCfg.JWKS.URL.String() == "" {
		return nil
	}

	// Add client secret for the client ID for HMAC based signature.
	r.pubKeys.add(pCfg.ClientID, []byte(pCfg.ClientSecret))

	client := &http.Client{
		Transport: r.transport,
	}

	resp, err := client.Get(pCfg.JWKS.URL.String())