assert response.json() == {"detail": "Invalid authentication credentials"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_incorrect_token_type():
    response = client.get(
        "/users/me", headers={"Authorization": "Notexistent testtoken"}
    )
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}

 * to protect content with NTLM HTTP Authentication. Servlets that
 * extend this abstract base class may be authenticated against an SMB
 * server or domain controller depending on how the
 * <tt>jcifs.smb.client.domain</tt> or <tt>jcifs.http.domainController</tt>
 * properties are be specified. <b>With later containers the
 * <tt>NtlmHttpFilter</tt> should be used</b>. For custom NTLM HTTP Authentication schemes the <tt>NtlmSsp</tt> may be
 * used.

@needs_py310
def test_no_token(client: TestClient):
    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


@needs_py310
def test_token(client: TestClient):
    response = client.get("/users/me", headers={"Authorization": "Bearer johndoe"})

@needs_py310
def test_no_token(client: TestClient):
    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


@needs_py310
def test_token(client: TestClient):
    response = client.get("/users/me", headers={"Authorization": "Bearer johndoe"})

```

### 3. Configuring Prometheus

#### 3.1 Authenticated Prometheus config

> If MinIO is configured to expose metrics without authentication, you don't need to use `mc` to generate prometheus config. You can skip reading further and move to 3.2 section.

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.

OAuth2 was designed so that the backend or API could be independent of the server that authenticates the user.

But in this case, the same **FastAPI** application will handle the API and the authentication.

So, let's review it from that simplified point of view:

     * Sent by the server in the Type 2 message to indicate that the
     * target authentication realm is a share (presumably for share-level
     * authentication).
     */
    public static final int NTLMSSP_TARGET_TYPE_SHARE = 0x00040000;

    /**
     * Indicates that the NTLM2 signing and sealing scheme should be used
     * for protecting authenticated communications. This refers to a

 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.  <p> Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and
 * the Network Explorer Servlet</a> related information.
 */

public class NtlmSsp implements NtlmFlags {

    /**
     * Calls the static {@link #authenticate(HttpServletRequest,

 * Authentication Scheme for HTTP</A>.
 * <p>
 * Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and
 * the Network Explorer Servlet</a> related information.
 */
@Deprecated
public class NtlmSsp implements NtlmFlags {

    /**
     * Calls the static {@link #authenticate(CIFSContext, HttpServletRequest,

    * Sent by the server in the Type 2 message to indicate that the 
    * target authentication realm is a share (presumably for share-level
    * authentication).
    */
    public static final int NTLMSSP_TARGET_TYPE_SHARE = 0x00040000;

    /**
    * Indicates that the NTLM2 signing and sealing scheme should be used
    * for protecting authenticated communications.  This refers to a