Verificamos que obtenemos un `username`, y extraemos los scopes.

Y luego validamos esos datos con el modelo de Pydantic (capturando la excepción `ValidationError`), y si obtenemos un error leyendo el token JWT o validando los datos con Pydantic, lanzamos la `HTTPException` que creamos antes.

Para eso, actualizamos el modelo de Pydantic `TokenData` con una nueva propiedad `scopes`.

     * @param item the SuggestItem containing the data to be indexed
     * @return a string representing the bulk line for OpenSearch indexing
     * @throws SuggesterException if an I/O error occurs during the creation of the bulk line
     */
    public static String createBulkLine(final String index, final String type, final SuggestItem item) {

 *   <li>comparing each pair of objects from different equality groups returns false
 *   <li>the hash codes of any two equal objects are equal
 * </ul>
 *
 * <p>When a test fails, the error message labels the objects involved in the failed comparison as
 * follows:
 *
 * <ul>
 *   <li>"{@code [group }<i>i</i>{@code , item }<i>j</i>{@code ]}" refers to the

        @DisplayName("should correctly identify disconnected states")
        void shouldIdentifyDisconnectedStates() {
            // States: 0=not connected, 1=connecting, 2=run connected, 3=connected,
            // 4=error, 5=disconnecting, 6=disconnected/invalid
            int[] disconnectedStates = { 0, 4, 5, 6 };
            int[] connectedStates = { 1, 2, 3 };

            for (int state : disconnectedStates) {

        assertEquals("Third instance", exception3.getMessage());
    }

    public void test_specialCharactersInMessage() {
        // Test with special characters in message
        String messageWithSpecialChars = "Error: offset > 1000 && offset < 2000 | \"quotes\" 'single' \n\t tab";
        ResultOffsetExceededException exception = new ResultOffsetExceededException(messageWithSpecialChars);

func getFormatStr(strLen int, padding int) string {
	formatStr := fmt.Sprintf("%ds", strLen+padding)
	return "%" + formatStr
}

// Prints the formatted startup message.
func printStartupMessage(apiEndpoints []string, err error) {
	banner := strings.Repeat("-", len(MinioBannerName))
	if globalIsDistErasure {
		logger.Startup(color.Bold(banner))
	}
	logger.Startup(color.Bold(MinioBannerName))
	if err != nil {
		if globalConsoleSys != nil {

{* ../../docs_src/security/tutorial007_an_py39.py hl[1,12:24] *}

Isso seria parecido com:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks" (ataques de temporização).

### Ataques de Temporização

     * other SSO protocols that require metadata exchange. The actual metadata
     * content is generated by the configured SSO authenticator.
     *
     * @return ActionResponse containing the SSO metadata or error page
     */
    @Execute
    public ActionResponse metadata() {
        final SsoManager ssoManager = ComponentUtil.getSsoManager();
        try {

        });
        // Exception is thrown, but cause may or may not be set depending on implementation
        assertNotNull(e.getMessage()); // Should have an error message
    }

    @Test
    void testGetters() {
        // Simple test for getter methods
        NtlmContext context = new NtlmContext(mockAuth, true);
        assertFalse(context.isEstablished());

        assertFalse(mockService.hasRegistration(regId));

        // 5. Verify heartbeat fails after unregistration
        assertFalse(mockService.processHeartbeat(regId, 4));
    }

    /**
     * Test error conditions and edge cases
     */
    @Test
    void testErrorConditions() {
        // Test operations on empty service
        assertEquals(0, mockService.getRegistrationCount());