}

// UpdateOrCreateTokens attempts to update a token with the given ID, or create if it does not already exist.
func UpdateOrCreateTokens(client clientset.Interface, failIfExists bool, tokens []bootstraptokenv1.BootstrapToken) error {

	for _, token := range tokens {

		secretName := bootstraputil.BootstrapTokenSecretName(token.Token.ID)

!!! tip
    Here `tokenUrl="token"` refers to a relative URL `token` that we haven't created yet. As it's a relative URL, it's equivalent to `./token`.

    Because we are using a relative URL, if your API was located at `https://example.com/`, then it would refer to `https://example.com/token`. But if your API was located at `https://example.com/api/v1/`, then it would refer to `https://example.com/api/v1/token`.

    ```Python hl_lines="25"
    {!> ../../../docs_src/security/tutorial002.py!}
    ```

## Den Benutzer holen

`get_current_user` wird eine von uns erstellte (gefakte) Hilfsfunktion verwenden, welche einen Token vom Typ `str` entgegennimmt und unser Pydantic-`User`-Modell zurückgibt:

=== "Python 3.10+"

    ```Python hl_lines="19-22  26-27"

        "/users/", headers={"X-Token": "fake-super-secret-token", "X-Key": "invalid"}
    )
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Key header invalid"}


@needs_py39
def test_get_valid_headers_items(client: TestClient):
    response = client.get(
        "/items/",
        headers={
            "X-Token": "fake-super-secret-token",

    override val psiTypeProviderImpl = KaFirPsiTypeProvider(this, token)

    override val jvmTypeMapperImpl = KaFirJvmTypeMapper(this, token)

    override val typeProviderImpl = KaFirTypeProvider(this, token)

    override val typeInfoProviderImpl = KaFirTypeInfoProvider(this, token)

    override val subtypingComponentImpl = KaFirSubtypingComponent(this, token)

}

// TokenReviewSpec is a description of the token authentication request.
message TokenReviewSpec {
  // Token is the opaque bearer token.
  // +optional
  optional string token = 1;

  // Audiences is a list of the identifiers that the resource server presented
  // with the token identifies as. Audience-aware token authenticators will
  // verify that the token was intended for at least one of the audiences in

    firDiagnostic: KtPsiSimpleDiagnostic,
    token: KaLifetimeToken
) : KaAbstractFirDiagnostic<PsiElement>(firDiagnostic, token), KaCompilerPluginDiagnostic0

internal class KaCompilerPluginDiagnostic1Impl(
    firDiagnostic: KtPsiDiagnosticWithParameters1<*>,
    token: KaLifetimeToken,
    override val parameter1: Any?
) : KaAbstractFirDiagnostic<PsiElement>(firDiagnostic, token), KaCompilerPluginDiagnostic1

def test_get_invalid_one_header():
    response = client.get("/items/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}


def test_get_invalid_second_header():
    response = client.get(
        "/items/", headers={"X-Token": "fake-super-secret-token", "X-Key": "invalid"}
    )
    assert response.status_code == 400, response.text

def test_read_nonexistent_item():
    response = client.get("/items/baz", headers={"X-Token": "coneofsilence"})
    assert response.status_code == 404
    assert response.json() == {"detail": "Item not found"}


def test_create_item():
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},

def test_read_nonexistent_item():
    response = client.get("/items/baz", headers={"X-Token": "coneofsilence"})
    assert response.status_code == 404
    assert response.json() == {"detail": "Item not found"}


def test_create_item():
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},