!!! tip
    Here `tokenUrl="token"` refers to a relative URL `token` that we haven't created yet. As it's a relative URL, it's equivalent to `./token`.

    Because we are using a relative URL, if your API was located at `https://example.com/`, then it would refer to `https://example.com/token`. But if your API was located at `https://example.com/api/v1/`, then it would refer to `https://example.com/api/v1/token`.

        "/users/", headers={"X-Token": "fake-super-secret-token", "X-Key": "invalid"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Key header invalid"}


@needs_py39
def test_get_valid_headers_items(client: TestClient):
    response = client.get(
        "/items/",
        headers={
            "X-Token": "fake-super-secret-token",

    override val psiTypeProviderImpl = KaFirPsiTypeProvider(this, token)

    override val jvmTypeMapperImpl = KaFirJvmTypeMapper(this, token)

    override val typeProviderImpl = KaFirTypeProvider(this, token)

    override val typeInfoProviderImpl = KaFirTypeInfoProvider(this, token)

    override val subtypingComponentImpl = KaFirSubtypingComponent(this, token)

    firDiagnostic: KtPsiSimpleDiagnostic,
    token: KaLifetimeToken
) : KaAbstractFirDiagnostic<PsiElement>(firDiagnostic, token), KaCompilerPluginDiagnostic0

internal class KaCompilerPluginDiagnostic1Impl(
    firDiagnostic: KtPsiDiagnosticWithParameters1<*>,
    token: KaLifetimeToken,
    override val parameter1: Any?
) : KaAbstractFirDiagnostic<PsiElement>(firDiagnostic, token), KaCompilerPluginDiagnostic1

def test_get_invalid_one_header():
    response = client.get("/items/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}


def test_get_invalid_second_header():
    response = client.get(
        "/items/", headers={"X-Token": "fake-super-secret-token", "X-Key": "invalid"}
    )
    assert response.status_code == 400, response.text

    response = client.get("/items/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}


def test_get_invalid_one_users():
    response = client.get("/users/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}

	token, err := metadata.GetWithContext(context.TODO(), uri)
	if err != nil {
		gcecredLog.Errorf("Failed to get vm identity token from metadata server: %v", err)
		return "", err
	}
	// Update token cache.
	p.tokenCache = token
	gcecredLog.Debugf("Got GCE identity token: %d", len(token))
	tokenbytes := []byte(token)
	err = os.WriteFile(p.jwtPath, tokenbytes, 0o640)
	if err != nil {

 */
public sealed class KaAnnotationValue(override val token: KaLifetimeToken) : KaLifetimeOwner {
    public abstract val sourcePsi: KtElement?
}

public typealias KtAnnotationValue = KaAnnotationValue

/**
 * This represents an unsupported expression used as an annotation value.
 */
public class KaUnsupportedAnnotationValue @KaAnalysisApiInternals constructor(
    token: KaLifetimeToken
) : KaAnnotationValue(token) {

			ctx := context.Background()
			if tc.metadata != nil {
				if tc.token != "" {
					token := security.BearerTokenPrefix + tc.token
					tc.metadata.Append("authorization", token)
				}
				ctx = metadata.NewIncomingContext(ctx, tc.metadata)
			}

			tokenReview := &k8sauth.TokenReview{
				Spec: k8sauth.TokenReviewSpec{
					Token: tc.token,
				},
			}

			tokenReview.Status.Audiences = []string{}

    private val backingOperation: KaLogicOperation
) : KaContractBooleanExpression {
    init {
        check(left.token === right.token) { "$left and $right should have the same lifetime token" }
    }

    override val token: KaLifetimeToken get() = backingLeft.token
    public val left: KaContractBooleanExpression get() = withValidityAssertion { backingLeft }