labels.excludedDocPaths=Pad(en) om uit te sluiten van zoeken
labels.excludedDocUrls=URL(s) om uit te sluiten van zoeken
labels.hostname=Hostnaam
labels.id=ID
labels.includedPaths=Pad(en) om op te nemen in crawlen
labels.includedUrls=URL(s) om op te nemen in crawlen
labels.includedDocPaths=Pad(en) om op te nemen in zoeken
labels.includedDocUrls=URL(s) om op te nemen in zoeken
labels.maxAccessCount=Maximaal aantal toegangspogingen

        },
        "dutch_keywords": {
          "type":       "keyword_marker",
          "keywords": ["hallo", "wereld", "zoeken"]
        },
        "dutch_stemmer": {
          "type":       "stemmer",
          "language":   "dutch"
        },
        "dutch_override": {
          "type":       "stemmer_override",

        },
        "dutch_keywords": {
          "type":       "keyword_marker",
          "keywords": ["hallo", "wereld", "zoeken"]
        },
        "dutch_stemmer": {
          "type":       "stemmer",
          "language":   "dutch"
        },
        "dutch_override": {
          "type":       "stemmer_override",

@app.get(
    "/with-get-token", dependencies=[Security(get_token, scopes=["read", "write"])]
)
async def read_with_get_token():
    return {"message": "Admin Access"}


router = APIRouter(dependencies=[Security(oauth2_scheme, scopes=["read"])])


@router.get("/items/")
async def read_items(token: str | None = Depends(oauth2_scheme)):
    return {"token": token}


@router.post("/items/")

{* ../../docs_src/security/tutorial001_an_py310.py hl[8] *}

/// tip

Here `tokenUrl="token"` refers to a relative URL `token` that we haven't created yet. As it's a relative URL, it's equivalent to `./token`.

- L'API vérifie ce `username` et ce `password`, et répond avec un « token » (nous n'avons encore rien implémenté de tout cela).
    - Un « token » n'est qu'une chaîne contenant des informations que nous pouvons utiliser plus tard pour vérifier cet utilisateur.
    - Normalement, un token est configuré pour expirer après un certain temps.

Actualiza `get_current_user` para recibir el mismo token que antes, pero esta vez, usando tokens JWT.

Decodifica el token recibido, verifícalo y devuelve el usuario actual.

Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[93:110] *}

## Actualizar la *path operation* `/token` { #update-the-token-path-operation }

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl="/token",
    description="OAuth2PasswordBearer security scheme",
    auto_error=False,
)


@app.get("/items/")
async def read_items(token: str | None = Security(oauth2_scheme)):
    if token is None:
        return {"msg": "Create an account first"}
    return {"token": token}


client = TestClient(app)


def test_no_token():

        <script>
        var ws = null;
            function connect(event) {
                var itemId = document.getElementById("itemId")
                var token = document.getElementById("token")
                ws = new WebSocket("ws://localhost:8000/items/" + itemId.value + "/ws?token=" + token.value);
                ws.onmessage = function(event) {
                    var messages = document.getElementById('messages')

        <script>
        var ws = null;
            function connect(event) {
                var itemId = document.getElementById("itemId")
                var token = document.getElementById("token")
                ws = new WebSocket("ws://localhost:8000/items/" + itemId.value + "/ws?token=" + token.value);
                ws.onmessage = function(event) {
                    var messages = document.getElementById('messages')