echo "server1 log:"
		cat "${WORK_DIR}/server1.log"
		echo "FAILED"
		purge "$WORK_DIR"
		exit 1
	fi

	if ! ./s3-check-md5 \
		-debug \
		-versions \
		-access-key minio \
		-secret-key minio123 \
		-endpoint "http://127.0.0.1:${start_port}/" 2>&1 | grep INTACT; then
		echo "server1 log:"
		cat "${WORK_DIR}/server1.log"
		echo "FAILED"
		mkdir -p inspects
		(
			cd inspects

including MinIO long lasting credentials in the application. Instead, the identity of the caller is validated by using a JWT id_token from the web identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, the...

from fastapi import Header, HTTPException


async def get_token_header(x_token: str = Header()):
    if x_token != "fake-super-secret-token":
        raise HTTPException(status_code=400, detail="X-Token header invalid")


async def get_query_token(token: str):
    if token != "jessica":

        @SuppressWarnings("unchecked") // reading data stored by writeMultimap
        V value = (V) stream.readObject();
        values.add(value);
      }
    }
  }

  // Secret sauce for setting final fields; don't make it public.
  static <T> FieldSetter<T> getFieldSetter(Class<T> clazz, String fieldName) {
    try {
      Field field = clazz.getDeclaredField(fieldName);

from fastapi import Header, HTTPException
from typing_extensions import Annotated


async def get_token_header(x_token: Annotated[str, Header()]):
    if x_token != "fake-super-secret-token":
        raise HTTPException(status_code=400, detail="X-Token header invalid")


async def get_query_token(token: str):
    if token != "jessica":

from typing import Annotated

from fastapi import Header, HTTPException


async def get_token_header(x_token: Annotated[str, Header()]):
    if x_token != "fake-super-secret-token":
        raise HTTPException(status_code=400, detail="X-Token header invalid")


async def get_query_token(token: str):
    if token != "jessica":

  {{- end }}
spec:
  endpoints:
    {{- if .Values.tls.enabled }}
    - port: https
      scheme: https
      tlsConfig:
        ca:
          secret:
            name: {{ .Values.tls.certSecret }}
            key: {{ .Values.tls.publicCrt }}
        serverName: {{ template "minio.fullname" . }}
    {{- else }}
    - port: http
      scheme: http
    {{- end }}

func main() {
	flag.StringVar(&endpoint, "endpoint", "https://play.min.io", "S3 endpoint URL")
	flag.StringVar(&accessKey, "access-key", "Q3AM3UQ867SPQQA43P2F", "S3 Access Key")
	flag.StringVar(&secretKey, "secret-key", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG", "S3 Secret Key")
	flag.StringVar(&bucket, "bucket", "", "Select a specific bucket")
	flag.StringVar(&prefix, "prefix", "", "Select a prefix")

	}

	appParams := cmd.OpenIDClientAppParams{
		ClientID:     "minio-client-app",
		ClientSecret: "minio-client-app-secret",
		ProviderURL:  "http://127.0.0.1:5556/dex",
		RedirectURL:  "http://127.0.0.1:10000/oauth_callback",
	}

	oidcToken, err := cmd.MockOpenIDTestUserInteraction(ctx, appParams, "******@****.***", "dillon")

```JSON
{
  "detail": "Not authenticated"
}
```

### Usuário inativo

Agora tente com um usuário inativo, autentique-se com:

User: `alice`

Password: `secret2`

E tente usar a operação `GET` com o caminho `/users/me`.

Você receberá um erro "Usuário inativo", como:

```JSON
{
  "detail": "Inactive user"
}
```

## Recaptulando