"arn:aws:s3:::*"
      ]
    }
  ]
}
```

### Visit <http://localhost:8080>

You will be redirected to dex login screen - click "Login with email", enter username password
> username: ******@****.***
> password: password

and then click "Grant access"

On the browser now you shall see the list of buckets output, along with your temporary credentials obtained from MinIO.

```
{
 "buckets": [

    /**
     * Security mode flags.
     */
    public int securityMode;
    /**
     * Security settings for the session.
     */
    public int security;
    /**
     * Whether the server requires encrypted passwords.
     */
    public boolean encryptedPasswords;
    /**
     * Whether message signing is enabled.
     */
    public boolean signaturesEnabled;
    /**
     * Whether message signing is required.
     */

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like pwdlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

                    throw new RuntimeException("Plain text passwords are disabled");
                } else if (useUnicode) {
                    // plain text
                    final String password = auth.getPassword();
                    lmHash = new byte[0];
                    ntHash = new byte[(password.length() + 1) * 2];
                    writeString(password, ntHash, 0);
                } else {
                    // plain text

            } else {
                // plain text
                password = new byte[(session.auth.password.length() + 1) * 2];
                passwordLength = writeString(session.auth.password, password, 0);
            }
        } else {
            // no password in tree connect
            passwordLength = 1;
        }

        dst[dstIndex] = disconnectTid ? (byte) 0x01 : (byte) 0x00;

            } else {
                // plain text
                this.password = new byte[(pwAuth.getPassword().length() + 1) * 2];
                this.passwordLength = writeString(pwAuth.getPassword(), this.password, 0);
            }
        } else {
            // no password in tree connect
            this.passwordLength = 1;
        }

        // Verify it returns a clone, not the original
        password[0] = 'X';
        char[] password2 = authenticator.getPasswordAsCharArray();
        assertNotEquals(password[0], password2[0], "Should return a clone, not the original");
    }

    @Test
    public void testPasswordConstructorWithCharArray() {
        char[] passwordChars = "charArrayPassword".toCharArray();

* The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

/// danger

Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

If you don't know, you will learn what a "password hash" is in the [security chapters](security/simple-oauth2.md#password-hashing).

///

                        throw new RuntimeException("Plain text passwords are disabled");
                    } else {
                        // plain text
                        final String password = a.getPassword();
                        this.lmHash = new byte[(password.length() + 1) * 2];
                        this.ntHash = new byte[0];
                        writeString(password, this.lmHash, 0);
                    }
                }

     * @param password the password to authenticate with
     */
    public NtlmPasswordAuthentication(final CIFSContext tc, final String domain, final String username, final String password) {
        super(domain != null ? domain : tc.getConfig().getDefaultDomain(),
                username != null ? username : tc.getConfig().getDefaultUsername() != null ? tc.getConfig().getDefaultUsername() : "GUEST",