return\n    }\n\n    this.maximize()\n  }\n\n  // Private\n\n  _init(card) {\n    this._parent = card\n\n    $(this).find(this._settings.collapseTrigger).click(() => {\n      this.toggle()\n    })\n\n    $(this).find(this._settings.maximizeTrigger).click(() => {\n      this.toggleMaximize()\n    })\n\n    $(this).find(this._settings.removeTrigger).click(() => {\n      this.remove()\n    })\n  }\n\n  // Static\n\n  static _jQueryInterface(config) {\n    let data = $(this).data(DATA_KEY)\n    const _options...

/// check | Authorize button!

You already have a shiny new "Authorize" button.

And your *path operation* has a little lock in the top-right corner that you can click.

///

And if you click it, you have a little authorization form to type a `username` and `password` (and other optional fields):

<img src="/img/tutorial/security/image02.png">

/// note

                + docId + ", userSessionId=" + userSessionId + ", url=" + url + ", order=" + order + ", docMeta=" + docMeta + "]";
    }

    @Override
    public String getEventType() {
        return "click";
    }

Mas esse exemplo ainda é valido e mostra como interagir com os componentes internos.

///

Também podemos usar essa mesma abordagem para acessar o corpo da requisição em um manipulador de exceção.

    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_inactive_user(client: TestClient):
    response = client.get("/users/me", headers={"Authorization": "Bearer alice"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Inactive user"}


def test_openapi_schema(client: TestClient):
    response = client.get("/openapi.json")

labels.search_result_sort_last_modified_asc=by Last Modified (asc)
labels.search_result_sort_last_modified_desc=by Last Modified (desc)
labels.search_result_sort_click_count_asc=by Click Count (asc)
labels.search_result_sort_click_count_desc=by Click Count (desc)
labels.search_result_sort_favorite_count_asc=by Favorite Count (asc)
labels.search_result_sort_favorite_count_desc=by Favorite Count (desc)
labels.search_result_sort_multiple=Multiple

If you go to the **API docs UI** at `/docs` you will be able to see the **documentation** for cookies for your *path operations*.

But even if you **fill the data** and click "Execute", because the docs UI works with **JavaScript**, the cookies won't be sent, and you will see an **error** message as if you didn't write any values.

///

## Forbid Extra Cookies { #forbid-extra-cookies }

            // First is a user
            names.names[0] = new lsarpc.LsarTranslatedName();
            names.names[0].sid_type = (short) jcifs.SID.SID_TYPE_USER;
            names.names[0].name = new UnicodeString("alice", false);
            names.names[0].sid_index = 0;
            // Second is a domain group
            names.names[1] = new lsarpc.LsarTranslatedName();
            names.names[1].sid_type = (short) jcifs.SID.SID_TYPE_DOM_GRP;

Pero este ejemplo sigue siendo válido y muestra cómo interactuar con los componentes internos.

///

También podemos usar este mismo enfoque para acceder al request body en un manejador de excepciones.

{* ../../docs_src/security/tutorial002_an_py310.py hl[30:32] *}

## Resumen { #recap }

Ahora puedes obtener el usuario actual directamente en tu *path operation function*.

Ya estamos a mitad de camino.

Solo necesitamos agregar una *path operation* para que el usuario/cliente envíe realmente el `username` y `password`.