* Normally, a token is set to expire after some time.
        * So, the user will have to log in again at some point later.
        * And if the token is stolen, the risk is less. It is not like a permanent key that will work forever (in most of the cases).
* The frontend stores that token temporarily somewhere.
* The user clicks in the frontend to go to another section of the frontend web app.

  linking directly to the master branch. This ensures that links reference a
  specific point in time, rather than a document that may change over time.
  
  See here for guidance on getting permanent links to files: https://help.github.com/en/articles/getting-permanent-links-to-files
  
  Please use the following format for linking documentation:
  - [KEP]: <link>
  - [Usage]: <link>
  - [Other doc]: <link>

  linking directly to the master branch. This ensures that links reference a
  specific point in time, rather than a document that may change over time.
  
  See here for guidance on getting permanent links to files: https://help.github.com/en/articles/getting-permanent-links-to-files
  
  Please use the following format for linking documentation:
  - [KEP]: <link>
  - [Usage]: <link>
  - [Other doc]: <link>

À partir de FastAPI version `0.122.0`, ils utilisent le code d'état HTTP plus approprié `401 Unauthorized`, et renvoient un en-tête `WWW-Authenticate` pertinent dans la réponse, conformément aux spécifications HTTP, [RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1), [RFC 9110](https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized).

    - Normalement, un token est configuré pour expirer après un certain temps.
        - Ainsi, l'utilisateur devra se reconnecter à un moment donné.
        - Et si le token est volé, le risque est moindre. Ce n'est pas une clé permanente qui fonctionnerait indéfiniment (dans la plupart des cas).
- Le frontend stocke ce token temporairement quelque part.
- L'utilisateur clique dans le frontend pour aller vers une autre section de l'application web frontend.

* n’ont pas d’en-tête `Content-Type` (par ex. en utilisant `fetch()` avec un corps `Blob`)
* et n’envoient aucune information d’authentification.

Ce type d’attaque est surtout pertinent lorsque :

* l’application s’exécute localement (par ex. sur `localhost`) ou sur un réseau interne

## Exécuter au démarrage { #running-on-startup }

        * Así que, el usuario tendrá que volver a iniciar sesión más adelante.
        * Y si el token es robado, el riesgo es menor. No es como una llave permanente que funcionará para siempre (en la mayoría de los casos).
* El frontend almacena temporalmente ese token en algún lugar.
* El usuario hace clic en el frontend para ir a otra sección de la aplicación web frontend.

    * Normalmente, um token é definido para expirar depois de algum tempo.
        * Então, o usuário terá que fazer login novamente em algum momento.
        * E se o token for roubado, o risco é menor. Não é como uma chave permanente que funcionará para sempre (na maioria dos casos).
* O frontend armazena esse token temporariamente em algum lugar.
* O usuário clica no frontend para ir para outra seção do aplicativo web.

}
```

### Events with Failures

When an operation fails, a failure method is called. This is `connectFailed()` for failures while building a connection to the server, and `callFailed()` when the HTTP call fails permanently. When a failure happens it is possible that a `start` event won’t have a corresponding `end` event.

![Events Diagram](../assets/images/******@****.***)

### Events with Retries and Follow-Ups