headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/", response_model=User)
async def read_users_me(

    token: KtLifetimeToken,
) : KtAbstractFirDiagnostic<PsiElement>(firDiagnostic, token), KtFirDiagnostic.IllegalUnderscore

internal class ExpressionExpectedImpl(
    firDiagnostic: KtPsiDiagnostic,
    token: KtLifetimeToken,
) : KtAbstractFirDiagnostic<PsiElement>(firDiagnostic, token), KtFirDiagnostic.ExpressionExpected

internal class AssignmentInExpressionContextImpl(
    firDiagnostic: KtPsiDiagnostic,
    token: KtLifetimeToken,

    public static final String DEFAULT_TEST_TOKEN = "E44TjYrJQadtGBFFuECA0SBqqVtqj7lRGmhYep53ixNdvlRxnkhwqCVCpRoO";
    public static final String DEFAULT_TEST_TOKEN_ID = "testToken";
    private static final String TEST_TOKEN = "test.token";

    public static String getTestToken() {
        return System.getProperty(TEST_TOKEN, DEFAULT_TEST_TOKEN);
    }

    public static String settingTestToken() {

@pytest.mark.parametrize(
    "path,headers,expected_status,expected_response",
    [
        ("/items", None, 200, {"X-Token values": None}),
        ("/items", {"x-token": "foo"}, 200, {"X-Token values": ["foo"]}),
        (
            "/items",
            [("x-token", "foo"), ("x-token", "bar")],
            200,
            {"X-Token values": ["foo", "bar"]},
        ),
    ],
)
def test(path, headers, expected_status, expected_response):

                            ),
                            sourcePsi = null,
                            token
                        )
                    },
                    sourcePsi = null,
                    token
                ),
                token
            )
        )
    }.orEmpty()

    return toKtAnnotationApplication(builder, index, arguments)
}

            token,
        )
    }
    add(FirErrors.NEW_INFERENCE_ERROR) { firDiagnostic ->
        NewInferenceErrorImpl(
            firDiagnostic.a,
            firDiagnostic as KtPsiDiagnostic,
            token,
        )
    }
    add(FirErrors.OTHER_ERROR) { firDiagnostic ->
        OtherErrorImpl(
            firDiagnostic as KtPsiDiagnostic,
            token,
        )
    }

    response = client.get("/items/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}


def test_get_invalid_one_users():
    response = client.get("/users/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}

		},
	},
}

func mainHandler(w http.ResponseWriter, r *http.Request) {
	token := r.FormValue("token")
	if token == "" {
		writeErrorResponse(w, errors.New("token parameter not given"))
		return
	}

	rsp, ok := tokens[token]
	if !ok {
		w.WriteHeader(http.StatusForbidden)
		return
	}

	fmt.Printf("Allowed for token: %s user: %s\n", token, rsp.User)

	w.WriteHeader(http.StatusOK)
	json.NewEncoder(w).Encode(rsp)

Se ele não ver o header de `Autorização` ou o valor não tem um token `Bearer`, vai responder com um código de erro  401 (`UNAUTHORIZED`) diretamente.

Você nem precisa verificar se o token existe para retornar um erro. Você pode ter certeza de que se a sua função for executada, ela terá um `str` nesse token.

## 返回 Token

`token` 端点的响应必须是 JSON 对象。

响应返回的内容应该包含 `token_type`。本例中用的是**Bearer**Token，因此， Token 类型应为**`bearer`**。

返回内容还应包含 `access_token` 字段，它是包含权限 Token 的字符串。

本例只是简单的演示，返回的 Token 就是 `username`，但这种方式极不安全。

!!! tip "提示"

    下一章介绍使用哈希密码和 <abbr title="JSON Web Tokens">JWT</abbr> Token 的真正安全机制。

    但现在，仅关注所需的特定细节。

```Python hl_lines="85"