overrideSeries('istio.io/debug', 'Debug'),
        overrideSeries('istio.io/debug/syncz', 'Debug'),
        overrideSeries('wads', 'Authorization'),
        overrideSeries('wds', 'Workloads'),
        overrideSeries('type.googleapis.com/istio.security.Authorization', 'Authorizations'),
        overrideSeries('type.googleapis.com/istio.workload.Address', 'Addresses'),
      ]),
  },

  tables: {

                     "id": "byName",
                     "options": "type.googleapis.com/istio.security.Authorization"
                  },
                  "properties": [
                     {
                        "id": "displayName",
                        "value": "Authorizations"
                     }
                  ]
               },
               {
                  "matcher": {

                     "id": "byName",
                     "options": "type.googleapis.com/istio.security.Authorization"
                  },
                  "properties": [
                     {
                        "id": "displayName",
                        "value": "Authorizations"
                     }
                  ]
               },
               {
                  "matcher": {

    async def __call__(
        self, request: Request
    ) -> Optional[HTTPAuthorizationCredentials]:
        authorization = request.headers.get("Authorization")
        scheme, credentials = get_authorization_scheme_param(authorization)
        if not (authorization and scheme and credentials):
            if self.auto_error:
                raise HTTPException(

        authorization = request.headers.get("Authorization")
        if not authorization:
            if self.auto_error:
                raise HTTPException(
                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
                )
            else:
                return None
        return authorization


class OAuth2PasswordBearer(OAuth2):
    """

		expectedErr error
	}{
		// Set valid authorization header.
		{
			req: &http.Request{
				Header: http.Header{
					"Authorization": []string{token},
				},
			},
			expectedErr: nil,
		},
		// No authorization header.
		{
			req: &http.Request{
				Header: http.Header{},
			},
			expectedErr: errNoAuthToken,
		},
		// Invalid authorization token.
		{
			req: &http.Request{

    * This automatic discovery is what is defined in the OpenID Connect specification.


/// tip

Integrating other authentication/authorization providers like Google, Facebook, Twitter, GitHub, etc. is also possible and relatively easy.

The most complex problem is building an authentication/authorization provider like those, but **FastAPI** gives you the tools to do it easily, while doing the heavy lifting for you.

///

of ztunnel is to be a minimal L4 proxy, and as such, its xDS configuration is purposefully limited. In particular, ztunnel only supports 2 (custom) xDS resources: [`Workload`](../../pkg/workloadapi/workload.proto) and [`Authorization`](../../pkg/workloadapi/security/authorization.proto). As such, ztunnel does not receive `PeerAuthentication`s directly; when istiod detects a `PeerAuthentication` resource that targets an Ambient captured workload, it computes the effective policy for that workload...

* 🕸 🏪 👈 🤝 🍕 👱.
* 👩‍💻 🖊 🕸 🚶 ➕1️⃣ 📄 🕸 🕸 📱.
* 🕸 💪 ☕ 🌅 💽 ⚪️➡️ 🛠️.
    * ✋️ ⚫️ 💪 🤝 👈 🎯 🔗.
    * , 🔓 ⏮️ 👆 🛠️, ⚫️ 📨 🎚 `Authorization` ⏮️ 💲 `Bearer ` ➕ 🤝.
    * 🚥 🤝 🔌 `foobar`, 🎚 `Authorization` 🎚 🔜: `Bearer foobar`.

## **FastAPI**'Ⓜ `OAuth2PasswordBearer`

**FastAPI** 🚚 📚 🧰, 🎏 🎚 ⚛, 🛠️ 👫 💂‍♂ ⚒.

    * But it needs authentication for that specific endpoint.
    * So, to authenticate with our API, it sends a header `Authorization` with a value of `Bearer ` plus the token.
    * If the token contains `foobar`, the content of the `Authorization` header would be: `Bearer foobar`.

## **FastAPI**'s `OAuth2PasswordBearer`