the behavior you are seeing is confirmed as a bug or issue, it can easily be re-raised in the issue tracker.

## Filing issues

Sensitive security-related issues should be reported to [security@golang.org](mailto:******@****.***).
See the [security policy](https://golang.org/security) for details.

The recommended way to file an issue is by running `go bug`.
Otherwise, when filing an issue, make sure to answer these five questions:

# Get Current User { #get-current-user }

In the previous chapter the security system (which is based on the dependency injection system) was giving the *path operation function* a `token` as a `str`:

{* ../../docs_src/security/tutorial001_an_py39.py hl[12] *}

But that is still not that useful.

Let's make it give us the current user.

## Create a user model { #create-a-user-model }

First, let's create a Pydantic user model.

the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the temporary security credentials created by AssumeRoleWithClientGrants last for one hour. However, use the optional DurationSeconds parameter to specify the duration of the...

    /**
     * Constructs a new PacSidAttributes instance.
     *
     * @param id the Security Identifier
     * @param attributes the attribute flags associated with the SID
     */
    public PacSidAttributes(final SID id, final int attributes) {
        this.id = id;
        this.attributes = attributes;
    }

    /**
     * Gets the Security Identifier.
     *
     * @return the SID associated with this instance
     */

{* ../../docs_src/security/tutorial001_an_py39.py hl[12] *}

Pero eso aún no es tan útil. Vamos a hacer que nos dé el usuario actual.

## Crear un modelo de usuario

Primero, vamos a crear un modelo de usuario con Pydantic.

De la misma manera que usamos Pydantic para declarar cuerpos, podemos usarlo en cualquier otra parte:

{* ../../docs_src/security/tutorial002_an_py310.py hl[5,12:6] *}

{* ../../docs_src/security/tutorial004_an_py310.py hl[89:106] *}

## Die *Pfadoperation* `/token` aktualisieren

Erstellen Sie ein <abbr title="Zeitdifferenz">`timedelta`</abbr> mit der Ablaufzeit des Tokens.

Erstellen Sie einen echten JWT-Zugriffstoken und geben Sie ihn zurück.

{* ../../docs_src/security/tutorial004_an_py310.py hl[117:132] *}

Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Actualizar la *path operation* `/token`

Crea un `timedelta` con el tiempo de expiración del token.

Crea un verdadero token de acceso JWT y devuélvelo.

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

### Detalles técnicos sobre el "sujeto" `sub` de JWT

        ptype = 0;
        flags = DCERPC_FIRST_FRAG | DCERPC_LAST_FRAG;
    }

    /**
     * Returns the security descriptor of the share as an array of ACEs.
     *
     * @return an array of ACE objects representing the share's security descriptor
     * @throws IOException if there is an error retrieving the security information
     */
    public ACE[] getSecurity() throws IOException {

import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.junit.jupiter.api.Test;

/**
 * Tests for the PacMac class.
 */

Since, the client would have the session it can do it by itself.

The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations. The policy applied to these temporary credentials is inherited from the MinIO user credentials. By default, the temporary security credentials created by AssumeRole last for one hour. However, use the optional DurationSeconds...