display: block;\n  width: 100%;\n}\n\n.col-form-label {\n  padding-top: calc(0.375rem + 1px);\n  padding-bottom: calc(0.375rem + 1px);\n  margin-bottom: 0;\n  font-size: inherit;\n  line-height: 1.5;\n}\n\n.col-form-label-lg {\n  padding-top: calc(0.5rem + 1px);\n  padding-bottom: calc(0.5rem + 1px);\n  font-size: 1.25rem;\n  line-height: 1.5;\n}\n\n.col-form-label-sm {\n  padding-top: calc(0.25rem + 1px);\n  padding-bottom: calc(0.25rem + 1px);\n  font-size: 0.875rem;\n  line-height: 1.5;\n}\n\n.f...

    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


@needs_py39
def test_token_inactive_user(client: TestClient):
    access_token = get_access_token(
        username="alice", password="secretalice", scope="me", client=client
    )
    response = client.get(
        "/users/me", headers={"Authorization": f"Bearer {access_token}"}
    )
    assert response.status_code == 400, response.text

                        }

                        if(chkCorrectWord) {
                            var $liEle = $("<li/>");
                            $liEle.html(str);
                            $liEle.click(function() {
                                var str = $(this).html();
                                suggestor.fixList();
                                $textArea.val(str);

* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

<img src="/img/tutorial/security/image12.png">

## Check the username

Here's a more complete example.

///

### Krok 2: utwórz instancję `FastAPI`

{*../../docs_src/first_steps/tutorial001.py hl[3] *}

Zmienna `app` będzie tutaj "instancją" klasy `FastAPI`.

Będzie to główny punkt interakcji przy tworzeniu całego interfejsu API.

Ta zmienna `app` jest tą samą zmienną, do której odnosi się `uvicorn` w poleceniu:

<div class="termy">

```console
$ uvicorn main:app --reload

These credentials can now be used to perform MinIO API operations.

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Keycloak user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,

    assert response.headers["WWW-Authenticate"] == 'Bearer scope="me"'


def test_token_inactive_user():
    access_token = get_access_token(
        username="alice", password="secretalice", scope="me"
    )
    response = client.get(
        "/users/me", headers={"Authorization": f"Bearer {access_token}"}
    )
    assert response.status_code == 400, response.text

                                                    key="labels.searchlog_log_type_search"/></la:option>
                                            <la:option value="click"><la:message key="labels.searchlog_log_type_click"/></la:option>
                                            <la:option value="user_info"><la:message

alue:e})}})},fix:function(e){return e[ce.expando]?e:new ce.Event(e)},special:{load:{noBubble:!0},click:{setup:function(e){var t=this||e;return we.test(t.type)&&t.click&&fe(t,"input")&&He(t,"click",!0),!1},trigger:function(e){var t=this||e;return we.test(t.type)&&t.click&&fe(t,"input")&&He(t,"click"),!0},_default:function(e){var t=e.target;return we.test(t.type)&&t.click&&fe(t,"input")&&_.get(t,"click")||fe(t,"a")}},beforeunload:{postDispatch:function(e){void 0!==e.result&&e.originalEvent&&(e.ori...

		* E se o token for roubado, o risco é menor. Não é como se fosse uma chave permanente que vai funcionar para sempre (na maioria dos casos).
	* O frontend armazena aquele token temporariamente em algum lugar.
	* O usuário clica no frontend para ir à outra seção daquele frontend do aplicativo web.
	* O frontend precisa buscar mais dados daquela API.
		* Mas precisa de autenticação para aquele endpoint em específico.