final SystemHelper systemHelper = ComponentUtil.getSystemHelper();
        final String username = systemHelper.getUsername();
        final long currentTime = systemHelper.getCurrentTimeAsLong();
        return getEntity(form, username, currentTime).map(entity -> {
            entity.setUpdatedBy(username);
            entity.setUpdatedTime(currentTime);

        assertEquals(5, chain.deleteCalls.size());
    }

    // Helper method to create test user
    private User createTestUser(String username, String displayName) {
        User user = new User();
        user.setName(username);
        user.setDisplayName(displayName);
        return user;
    }

    // Test implementation of AuthenticationChain for testing

The <dfn title="specification">spec</dfn> requires the fields to be exactly named `username` and `password`, and to be sent as form fields, not JSON.

With `Form` you can declare the same configurations as with `Body` (and `Query`, `Path`, `Cookie`), including validation, examples, an alias (e.g. `user-name` instead of `username`), etc.

/// info

	g := errgroup.WithNErrs(len(users))

	for index := range users {
		g.Go(func() error {
			userName := path.Dir(users[index])
			user, err := iamOS.loadUserIdentity(ctx, userName, userType)
			if err != nil && !errors.Is(err, errNoSuchUser) {
				return fmt.Errorf("unable to load the user `%s`: %w", userName, err)
			}
			userIdentities[index] = user
			return nil
		}, index)
	}

     *
     * @param form the form containing the web authentication data
     * @param username the username of the current user
     * @param currentTime the current timestamp
     * @return an optional WebAuthentication entity
     */
    public static OptionalEntity<WebAuthentication> getEntity(final CreateForm form, final String username, final long currentTime) {
        switch (form.crudMode) {
        case CrudMode.CREATE:

        try {
            userService.store(entity);
            saveInfo(messages -> messages.addSuccessCrudCreateCrudTable(GLOBAL));
        } catch (final Exception e) {
            logger.warn("Failed to create user: username={}, error={}", body.name, e.getMessage(), e);
            throwValidationErrorApi(messages -> messages.addErrorsCrudFailedToCreateCrudTable(GLOBAL, buildThrowableMessage(e)));
        }

from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyCookie(name="key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user

from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyCookie(name="key", description="An API Cookie Key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user

Por ejemplo, en una de las formas en las que se puede usar la especificación OAuth2 (llamada "password flow") se requiere enviar un `username` y `password` como campos de formulario.

La <dfn title="especificación">especificación</dfn> requiere que los campos se llamen exactamente `username` y `password`, y que se envíen como campos de formulario, no JSON.

Betrachten wir es also aus dieser vereinfachten Sicht:

* Der Benutzer gibt den `username` und das `password` im Frontend ein und drückt `Enter`.
* Das Frontend (das im Browser des Benutzers läuft) sendet diesen `username` und das `password` an eine bestimmte URL in unserer API (deklariert mit `tokenUrl="token"`).
* Die API überprüft den `username` und das `password` und antwortet mit einem „Token“ (wir haben davon noch nichts implementiert).