access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username, "scope": " ".join(form_data.scopes)},
        expires_delta=access_token_expires,
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/")
async def read_users_me(

            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/")
async def read_users_me(current_user: User = Depends(get_current_active_user)) -> User:

    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username, "scope": " ".join(form_data.scopes)},
        expires_delta=access_token_expires,
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/")

            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/")
async def read_users_me(

    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}


@app.get("/users/me")
async def read_users_me(
    current_user: Annotated[User, Depends(get_current_active_user)],
):

    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}


@app.get("/users/me")
async def read_users_me(current_user: User = Depends(get_current_active_user)):

The response of the `token` endpoint must be a JSON object.

It should have a `token_type`. In our case, as we are using "Bearer" tokens, the token type should be "`bearer`".

And it should have an `access_token`, with a string containing our access token.

For this simple example, we are going to just be completely insecure and return the same `username` as the token.

/// tip

而且它還應該有一個 `access_token`，其值為包含我們存取權杖的字串。

在這個簡單示例中，我們會不安全地直接回傳相同的 `username` 當作 token。

/// tip

下一章你會看到真正安全的實作，包含密碼雜湊與 <abbr title="JSON Web Tokens - JSON 網頁權杖">JWT</abbr> tokens。

但現在先把注意力放在我們需要的這些細節上。

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip

依照規範，你應該回傳一個包含 `access_token` 與 `token_type` 的 JSON，就像這個範例。

返回内容还应包含 `access_token` 字段，它是包含权限 Token 的字符串。

本例只是简单的演示，返回的 Token 就是 `username`，但这种方式极不安全。

/// tip | 提示

下一章介绍使用哈希密码和 <abbr title="JSON Web Tokens - JSON Web 令牌">JWT</abbr> Token 的真正安全机制。

但现在，仅关注所需的特定细节。

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip | 提示

按规范的要求，应像本示例一样，返回带有 `access_token` 和 `token_type` 的 JSON 对象。

        testClient = new TestSearchEngineClient();
        testClient.addIndexConfig("fess/doc");
        testClient.addIndexConfig("fess_config.scheduled_job/scheduled_job");
        testClient.addIndexConfig("fess_config.access_token/access_token");
        testClient.addIndexConfig("fess_user.user/user");
        testClient.addIndexConfig("fess_log.search_log/search_log");
    }

    @Override