{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Get the user { #get-the-user }

`get_current_user` will use a (fake) utility function we created, that takes a token as a `str` and returns our Pydantic `User` model:

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

/// danger

これらの場合、型宣言でリストを使用して定義することができます。

重複したヘッダーのすべての値をPythonの`list`として受け取ることができます。

例えば、複数回出現する可能性のある`X-Token`のヘッダを定義するには、以下のように書くことができます:

{* ../../docs_src/header_params/tutorial003_an_py310.py hl[9] *}

その*path operation*と通信する際に、次のように2つのHTTPヘッダーを送信する場合:

```
X-Token: foo
X-Token: bar
```

レスポンスは以下のようになります:

```JSON
{
    "X-Token values": [
        "bar",
        "foo"
    ]
}
```

## まとめ { #recap }

                                    <label for="token" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.dict_kuromoji_token"/></label>
                                    <div class="col-sm-9">
                                        <la:errors property="token"/>
                                        <la:text styleId="token" property="token" styleClass="form-control"/>

    }

    public void setToken_Terms(ConditionOptionCall<TermsAggregationBuilder> opLambda) {
        setToken_Terms("token", opLambda, null);
    }

    public void setToken_Terms(ConditionOptionCall<TermsAggregationBuilder> opLambda, OperatorCall<BsAccessTokenCA> aggsLambda) {
        setToken_Terms("token", opLambda, aggsLambda);
    }

		case "Endpoint":
			z.Endpoint, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Endpoint")
				return
			}
		case "Token":
			z.Token, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Token")
				return
			}
		default:
			err = dc.Skip()
			if err != nil {
				err = msgp.WrapError(err)
				return
			}
		}
	}

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Obter o usuário { #get-the-user }

`get_current_user` usará uma função utilitária (falsa) que criamos, que recebe um token como uma `str` e retorna nosso modelo Pydantic `User`:

	  #     value: "image/*" # match objects with 'content-type', with all values starting with 'image/'

	notify:
	  endpoint: "https://notify.endpoint" # notification endpoint to receive job status events
	  token: "Bearer xxxxx" # optional authentication token for the notification endpoint

	retry:
	  attempts: 10 # number of retries for the job before giving up
	  delay: "500ms" # least amount of delay between each retry
```

				return
			}
		case "Time":
			z.Time, err = dc.ReadTime()
			if err != nil {
				err = msgp.WrapError(err, "Time")
				return
			}
		case "Token":
			z.Token, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Token")
				return
			}
		default:
			err = dc.Skip()
			if err != nil {
				err = msgp.WrapError(err)
				return
			}
		}
	}
	return
}

  notify:
    endpoint: https://notify.endpoint # notification endpoint to receive job completion status
    token: Bearer xxxxx # optional authentication token for the notification endpoint
  
  retry:
    attempts: 10 # number of retries for the job before giving up
    delay: 500ms # least amount of delay between each retry
`
	var job BatchJobRequest