=== "Python 3.10+"

    ```Python hl_lines="105  107-115"
    {!> ../../../docs_src/security/tutorial005_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="105  107-115"
    {!> ../../../docs_src/security/tutorial005_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="106  108-116"

=== "Python 3.10+"

    ```Python hl_lines="105  107-115"
    {!> ../../../docs_src/security/tutorial005_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="105  107-115"
    {!> ../../../docs_src/security/tutorial005_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="106  108-116"

  }

  // Hardcoded because of Android problems. See testUtf16Expected.
  private static final byte[] utf16ExpectedWithBom =
      new byte[] {-2, -1, 0, 114, 0, -55, 0, 115, 0, 117, 0, 109, 0, -55};

  public void testNewDataOutput_writeChars() {
    ByteArrayDataOutput out = ByteStreams.newDataOutput();
    out.writeChars("r\u00C9sum\u00C9");

此处还创建了后续代码中要复用（`raise`）的 `HTTPException` 。

该异常包含了作用域所需的（如有），以空格分割的字符串（使用 `scope_str`）。该字符串要放到包含作用域的 `WWW-Authenticate` 请求头中（这也是规范的要求）。

```Python hl_lines="105  107-115"
{!../../../docs_src/security/tutorial005.py!}
```

## 校验 `username` 与数据形状

我们可以校验是否获取了 `username`，并抽取作用域。

pkg debug/elf, const R_ARM_PRIVATE_15 = 127
pkg debug/elf, const R_ARM_PRIVATE_15 R_ARM
pkg debug/elf, const R_ARM_PRIVATE_2 = 114
pkg debug/elf, const R_ARM_PRIVATE_2 R_ARM
pkg debug/elf, const R_ARM_PRIVATE_3 = 115
pkg debug/elf, const R_ARM_PRIVATE_3 R_ARM
pkg debug/elf, const R_ARM_PRIVATE_4 = 116
pkg debug/elf, const R_ARM_PRIVATE_4 R_ARM
pkg debug/elf, const R_ARM_PRIVATE_5 = 117
pkg debug/elf, const R_ARM_PRIVATE_5 R_ARM

  }

  // Hardcoded because of Android problems. See testUtf16Expected.
  private static final byte[] utf16ExpectedWithBom =
      new byte[] {-2, -1, 0, 114, 0, -55, 0, 115, 0, 117, 0, 109, 0, -55};

  public void testNewDataOutput_writeChars() {
    ByteArrayDataOutput out = ByteStreams.newDataOutput();
    out.writeChars("r\u00C9sum\u00C9");

	_ = x[ErrUnsupportedHostHeader-109]
	_ = x[ErrMaximumExpires-110]
	_ = x[ErrSlowDownRead-111]
	_ = x[ErrSlowDownWrite-112]
	_ = x[ErrMaxVersionsExceeded-113]
	_ = x[ErrInvalidPrefixMarker-114]
	_ = x[ErrBadRequest-115]
	_ = x[ErrKeyTooLongError-116]
	_ = x[ErrInvalidBucketObjectLockConfiguration-117]
	_ = x[ErrObjectLockConfigurationNotFound-118]
	_ = x[ErrObjectLockConfigurationNotAllowed-119]

    ```

=== "Python 3.8+ nicht annotiert"

    !!! tip "Tipp"
        Bevorzugen Sie die `Annotated`-Version, falls möglich.

    ```Python hl_lines="115-130"
    {!> ../../../docs_src/security/tutorial004.py!}
    ```

### Technische Details zum JWT-„Subjekt“ `sub`

Die JWT-Spezifikation besagt, dass es einen Schlüssel `sub` mit dem Subjekt des Tokens gibt.

👥 ✍ `HTTPException` 👈 👥 💪 🏤-⚙️ (`raise`) ⏪ 📚 ☝.

👉 ⚠, 👥 🔌 ↔ 🚚 (🚥 🙆) 🎻 👽 🚀 (⚙️ `scope_str`). 👥 🚮 👈 🎻 ⚗ ↔ `WWW-Authenticate` 🎚 (👉 🍕 🔌).

```Python hl_lines="105  107-115"
{!../../../docs_src/security/tutorial005.py!}
```

## ✔ `username` & 💽 💠

👥 ✔ 👈 👥 🤚 `username`, & ⚗ ↔.

    {!> ../../../docs_src/security/tutorial004_py310.py!}
    ```

=== "Python 3.8+ non-Annotated"

    !!! tip
        Prefer to use the `Annotated` version if possible.

    ```Python hl_lines="115-130"
    {!> ../../../docs_src/security/tutorial004.py!}
    ```

### Technical details about the JWT "subject" `sub`

The JWT specification says that there's a key `sub`, with the subject of the token.