Since, the client would have the session it can do it by itself.

The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations. The policy applied to these temporary credentials is inherited from the MinIO user credentials. By default, the temporary security credentials created by AssumeRole last for one hour. However, use the optional DurationSeconds...

     */
    public int scapabilities;
    /**
     * OEM domain name of the server.
     */
    public String oemDomainName;
    /**
     * Security mode flags.
     */
    public int securityMode;
    /**
     * Security settings for the session.
     */
    public int security;
    /**
     * Whether the server requires encrypted passwords.
     */
    public boolean encryptedPasswords;
    /**

            Doc(
                """
                Security scheme name.

                It will be included in the generated OpenAPI (e.g. visible at `/docs`).
                """
            ),
        ] = None,
        description: Annotated[
            Optional[str],
            Doc(
                """
                Security scheme description.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config cleartextTrafficPermitted="false">
  </base-config>

	Help = config.HelpKVS{
		config.HelpKV{
			Key:         browserCSPPolicy,
			Description: `set Content-Security-Policy response header value` + defaultHelpPostfix(browserCSPPolicy),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         browserHSTSSeconds,
			Description: `set Strict-Transport-Security 'max-age' amount of seconds value` + defaultHelpPostfix(browserHSTSSeconds),
			Optional:    true,

        byte[] buffer = createBasicNegotiateResponseBuffer();

        // Add a small security buffer at a safe offset (after the fixed structure)
        SMBUtil.writeInt2(64, buffer, 56); // Security buffer offset (relative to header start)
        SMBUtil.writeInt2(8, buffer, 58); // Security buffer length

        // Add some dummy security data at offset 64 from start
        buffer[64] = (byte) 0x4E; // NTLMSSP signature start

Ahora puedes pasar ese `oauth2_scheme` en una dependencia con `Depends`.

{* ../../docs_src/security/tutorial001_an_py39.py hl[12] *}

Esta dependencia proporcionará un `str` que se asigna al parámetro `token` de la *path operation function*.

**FastAPI** sabrá que puede usar esta dependencia para definir un "security scheme" en el esquema OpenAPI (y en los docs automáticos del API).

/// info | Detalles técnicos

# Get Current User { #get-current-user }

In the previous chapter the security system (which is based on the dependency injection system) was giving the *path operation function* a `token` as a `str`:

{* ../../docs_src/security/tutorial001_an_py39.py hl[12] *}

But that is still not that useful.

Let's make it give us the current user.

## Create a user model { #create-a-user-model }

First, let's create a Pydantic user model.

import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.junit.jupiter.api.Test;

/**
 * Tests for the PacMac class.
 */

{* ../../docs_src/security/tutorial001_an_py39.py hl[12] *}

Pero eso aún no es tan útil. Vamos a hacer que nos dé el usuario actual.

## Crear un modelo de usuario { #create-a-user-model }

Primero, vamos a crear un modelo de usuario con Pydantic.

De la misma manera que usamos Pydantic para declarar cuerpos, podemos usarlo en cualquier otra parte:

{* ../../docs_src/security/tutorial002_an_py310.py hl[5,12:6] *}