```

!!! info
    The additional header `WWW-Authenticate` with value `Bearer` we are returning here is also part of the spec.

    Any HTTP (error) status code 401 "UNAUTHORIZED" is supposed to also return a `WWW-Authenticate` header.

    In the case of bearer tokens (our case), the value of that header should be `Bearer`.

    You can actually skip that extra header and it would still work.

    ```

!!! info
    Der zusätzliche Header `WWW-Authenticate` mit dem Wert `Bearer`, den wir hier zurückgeben, ist ebenfalls Teil der Spezifikation.

    Jeder HTTP-(Fehler-)Statuscode 401 „UNAUTHORIZED“ soll auch einen `WWW-Authenticate`-Header zurückgeben.

    Im Fall von Bearer-Tokens (in unserem Fall) sollte der Wert dieses Headers `Bearer` lauten.

        ":c_api_internal",
        ":c_api_macros_hdrs",
        ":checkpoint_reader",
        ":tf_buffer",
        ":tf_buffer_internal",
        "//tensorflow/c/eager:c_api",
        "//tensorflow/c/eager:c_api_internal",
        "//tensorflow/c/eager:tfe_context_internal",
        "//tensorflow/c/eager:tfe_op_internal",
        "//tensorflow/c/eager:tfe_tensorhandle_internal",
        "//tensorflow/compiler/jit:flags",

        .build()
    val request =
      originalRequest.newBuilder()
        .header("Upgrade", "websocket")
        .header("Connection", "Upgrade")
        .header("Sec-WebSocket-Key", key)
        .header("Sec-WebSocket-Version", "13")
        .header("Sec-WebSocket-Extensions", "permessage-deflate")
        .build()
    call = RealCall(webSocketClient, request, forWebSocket = true)
    call!!.enqueue(

<img src="/img/tutorial/security/image10.png">

!!! note "Hinweis"
    Beachten Sie den Header `Authorization` mit einem Wert, der mit `Bearer` beginnt.

## Fortgeschrittene Verwendung mit `scopes`

OAuth2 hat ein Konzept von <abbr title="Geltungsbereiche">„Scopes“</abbr>.

    open fun url(url: URL) = url(url.toString().toHttpUrl())

    /**
     * Sets the header named [name] to [value]. If this request already has any headers
     * with that name, they are all replaced.
     */
    open fun header(
      name: String,
      value: String,
    ) = commonHeader(name, value)

    /**
     * Adds a header with [name] and [value]. Prefer this method for multiply-valued
     * headers like "Cookie".

    internal val reader: Http2Reader,
  ) : Http2Reader.Handler, () -> Unit {
    override fun invoke() {
      var connectionErrorCode = ErrorCode.INTERNAL_ERROR
      var streamErrorCode = ErrorCode.INTERNAL_ERROR
      var errorException: IOException? = null
      try {
        reader.readConnectionPreface(this)
        while (reader.nextFrame(false, this)) {
        }

    * Но для этого необходима аутентификация для конкретной конечной точки.
    * Поэтому для аутентификации в нашем API он посылает заголовок `Authorization` со значением `Bearer` плюс сам токен.
    * Если токен содержит `foobar`, то содержание заголовка `Authorization` будет таким: `Bearer foobar`.

## Класс `OAuth2PasswordBearer` в **FastAPI**

      ProtocolException::class.java,
      "Expected 'Sec-WebSocket-Accept' header value 'ujmZX4KXZqjwy6vi1aQFH5p4Ygk=' but was 'magic'",
    )
    webSocket.cancel()
  }

  @Test
  @Throws(IOException::class)
  fun clientIncludesForbiddenHeader() {
    newWebSocket(
      Request.Builder()
        .url(webServer.url("/"))
        .header("Sec-WebSocket-Extensions", "permessage-deflate")
        .build(),
    )

```Python
from .dependencies import get_token_header
```

würde bedeuten:

* Beginnend im selben Package, in dem sich dieses Modul (die Datei `app/routers/items.py`) befindet (das Verzeichnis `app/routers/`) ...
* finde das Modul `dependencies` (eine imaginäre Datei unter `app/routers/dependencies.py`) ...
* und importiere daraus die Funktion `get_token_header`.