client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any)
        using HTTP Basic auth, as: client_id:client_secret
    client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any)
        using HTTP Basic auth, as: client_id:client_secret
    """

    def __init__(
        self,
        grant_type: Annotated[
            str,

                            {"title": "Client Id", "type": "string"}
                        ),
                        "client_secret": IsDict(
                            {
                                "title": "Client Secret",
                                "anyOf": [{"type": "string"}, {"type": "null"}],
                            }
                        )
                        | IsDict(

        "/items?token=jessica", headers={"X-Token": "fake-super-secret-token"}
    )
    assert response.status_code == 200
    assert response.json() == {
        "plumbus": {"name": "Plumbus"},
        "gun": {"name": "Portal Gun"},
    }


def test_items_with_no_token_jessica(client: TestClient):
    response = client.get("/items", headers={"X-Token": "fake-super-secret-token"})
    assert response.status_code == 422

    )
    assert response.status_code == 200
    assert response.json() == {
        "plumbus": {"name": "Plumbus"},
        "gun": {"name": "Portal Gun"},
    }


@needs_py39
def test_items_with_no_token_jessica(client: TestClient):
    response = client.get("/items", headers={"X-Token": "fake-super-secret-token"})
    assert response.status_code == 422

Import the modules installed.

Create a random secret key that will be used to sign the JWT tokens.

To generate a secure random secret key use the command:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

</div>

And copy the output to the variable `SECRET_KEY` (don't use the one in the example).

        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )
    assert response.status_code == 200
    assert response.json() == {
        "grant_type": "password",
        "username": "johndoe",
        "password": "secret",
        "scopes": [],
        "client_id": None,
        "client_secret": None,
    }


def test_openapi_schema():

    * For this to work, a **single** component (program) running on the server, listening on the **public IP address**, must have **all the HTTPS certificates** in the server.
* **After** obtaining a secure connection, the communication protocol is **still HTTP**.
    * The contents are **encrypted**, even though they are being sent with the **HTTP protocol**.

                            {"title": "Client Id", "type": "string"}
                        ),
                        "client_secret": IsDict(
                            {
                                "title": "Client Secret",
                                "anyOf": [{"type": "string"}, {"type": "null"}],
                            }
                        )
                        | IsDict(

    discussion_id: Union[str, None] = None,
    comment_id: Union[str, None] = None,
    body: Union[str, None] = None,
) -> Dict[str, Any]:
    headers = {"Authorization": f"token {settings.input_token.get_secret_value()}"}
    # some fields are only used by one query, but GraphQL allows unused variables, so
    # keep them here for simplicity
    variables = {
        "after": after,
        "category_id": category_id,

次のようなユーザーインターフェイスが表示されます：

<img src="/img/tutorial/security/image07.png">

前回と同じ方法でアプリケーションの認可を行います。

次の認証情報を使用します：

Username: `johndoe`
Password: `secret`

!!! check "確認"
    コードのどこにも平文のパスワード"`secret`"はなく、ハッシュ化されたものしかないことを確認してください。

<img src="/img/tutorial/security/image08.png">

エンドポイント`/users/me/`を呼び出すと、次のようなレスポンスが得られます：

```JSON
{
  "username": "johndoe",