* See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.gradle.internal.snapshot.impl

class Bean implements Serializable {
    String prop

Erstellen Sie Metadaten für Ihre Tags und übergeben Sie sie an den Parameter `openapi_tags`:

```Python hl_lines="3-16  18"
{!../../../docs_src/metadata/tutorial004.py!}
```

Beachten Sie, dass Sie Markdown in den Beschreibungen verwenden können. Beispielsweise wird „login“ in Fettschrift (**login**) und „fancy“ in Kursivschrift (_fancy_) angezeigt.

!!! tip "Tipp"

    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token():
    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {"token": "testtoken"}


def test_incorrect_token():

!!! info
    A "bearer" token is not the only option.

    But it's the best one for our use case.

    And it might be the best for most use cases, unless you are an OAuth2 expert and know exactly why there's another option that suits better your needs.

            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/", response_model=User)

    - 为指定的端点（Endpoint）进行身份验证
    - 因此，用 API 验证身份时，要发送值为 `Bearer` + 令牌的请求头 `Authorization`
    - 假如令牌为 `foobar`，`Authorization` 请求头就是： `Bearer foobar`

## **FastAPI** 的 `OAuth2PasswordBearer`

**FastAPI** 提供了不同抽象级别的安全工具。

本例使用 **OAuth2** 的 **Password** 流以及 **Bearer** 令牌（`Token`）。为此要使用 `OAuth2PasswordBearer` 类。

!!! info "说明"

    `Bearer` 令牌不是唯一的选择。

    但它是最适合这个用例的方案。

```Python hl_lines="58-67  69-72  90"
{!../../../docs_src/security/tutorial003.py!}
```

!!! info "说明"

    此处返回值为 `Bearer` 的响应头 `WWW-Authenticate` 也是规范的一部分。

    任何 401**UNAUTHORIZED**HTTP（错误）状态码都应返回 `WWW-Authenticate` 响应头。

    本例中，因为使用的是 Bearer Token，该响应头的值应为 `Bearer`。

    实际上，忽略这个附加响应头，也不会有什么问题。

    之所以在此提供这个附加响应头，是为了符合规范的要求。

    说不定什么时候，就有工具用得上它，而且，开发者或用户也可能用得上。

    这就是遵循标准的好处……

			ExpectedErr:                  true,
			ExpectedAuthorizationHeaders: []string{"Bearer 123"},
		},
		"valid bearer token with a space": {
			AuthorizationHeaders:         []string{"Bearer  token"},
			ExpectedUserName:             "",
			ExpectedOK:                   false,
			ExpectedErr:                  false,
			ExpectedAuthorizationHeaders: []string{"Bearer  token"},
			ExpectedRecordedWarning:      invalidTokenWithSpaceWarning,
		},

But that will only allow certain types of communication, excluding everything that involves credentials: Cookies, Authorization headers like those used with Bearer Tokens, etc.

So, for everything to work correctly, it's better to specify explicitly the allowed origins.

## Use `CORSMiddleware`

You can configure it in your **FastAPI** application using the `CORSMiddleware`.

* Import `CORSMiddleware`.

{
  "components": {
    "securitySchemes": {
      "BearerToken": {
        "description": "Bearer Token authentication",
        "in": "header",
        "name": "authorization",
        "type": "apiKey"
      }
    }
  },
  "info": {
    "title": "Kubernetes",
    "version": "unversioned"
  },
  "openapi": "3.0.0",
  "paths": {
    "/logs/": {
      "get": {
        "operationId": "logFileListHandler",