this.permissions = value;
    }

    public String getToken() {
        checkSpecifiedProperty("token");
        return convertEmptyToNull(token);
    }

    public void setToken(String value) {
        registerModifiedProperty("token");
        this.token = value;
    }

    public String getUpdatedBy() {
        checkSpecifiedProperty("updatedBy");

`AssumeRoleWithCustomToken` STS API extension. A user or application can now present a token to the `AssumeRoleWithCustomToken` API, and MinIO verifies this token by sending it to the Identity Management Plugin webhook. This plugin responds with some information and MinIO is able to generate temporary STS credentials to interact with object storage.

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT:...

app = FastAPI()

oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl="authorize",
    tokenUrl="token",
    description="OAuth2 Code Bearer",
    auto_error=True,
)


@app.get("/items/")
async def read_items(token: str | None = Security(oauth2_scheme)):
    return {"token": token}


client = TestClient(app)


def test_no_token():
    response = client.get("/items")

Um beispielsweise einen `X-Token`-Header zu deklarieren, der mehrmals vorkommen kann, können Sie schreiben:

{* ../../docs_src/header_params/tutorial003_an_py310.py hl[9] *}

Wenn Sie mit dieser *Pfadoperation* kommunizieren und zwei HTTP-Header senden, wie:

```
X-Token: foo
X-Token: bar
```

有时，可能需要接收重复的请求头。即同一个请求头有多个值。

类型声明中可以使用 `list` 定义多个请求头。

使用 Python `list` 可以接收重复请求头所有的值。

例如，声明 `X-Token` 多次出现的请求头，可以写成这样：

{* ../../docs_src/header_params/tutorial003_an_py310.py hl[9] *}

与*路径操作*通信时，以下面的方式发送两个 HTTP 请求头：

```
X-Token: foo
X-Token: bar
```

响应结果是：

```JSON
{
    "X-Token values": [
        "bar",
        "foo"
    ]
}
```

## 小结 { #recap }

    }

    /**
     * Test parsing of {@link KerberosConstants#AUTH_DATA_PAC} with an invalid token.
     * Expects a {@link PACDecodingException} to be thrown.
     */
    @Test
    void testParseAuthDataPacWithInvalidToken() {
        // GIVEN an invalid token for AUTH_DATA_PAC
        byte[] invalidToken = "invalid-pac-token".getBytes();

        // WHEN parsing the auth data
        // THEN a PACDecodingException should be thrown

Par exemple, pour déclarer un en-tête `X-Token` qui peut apparaître plusieurs fois, vous pouvez écrire :

{* ../../docs_src/header_params/tutorial003_an_py310.py hl[9] *}

Si vous communiquez avec ce *chemin d'accès* en envoyant deux en-têtes HTTP comme :

```
X-Token: foo
X-Token: bar
```

La réponse ressemblerait à ceci :

```JSON
{
    "X-Token values": [
        "bar",
        "foo"
    ]
}

from fastapi import Depends, FastAPI
from fastapi.security import OAuth2PasswordBearer

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


@app.get("/items/")
async def read_items(token: str = Depends(oauth2_scheme)):

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


class User(BaseModel):
    username: str
    email: str | None = None
    full_name: str | None = None
    disabled: bool | None = None


def fake_decode_token(token):
    return User(
        username=token + "fakedecoded", email="******@****.***", full_name="John Doe"
    )


async def get_current_user(token: str = Depends(oauth2_scheme)):

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


class User(BaseModel):
    username: str
    email: str | None = None
    full_name: str | None = None
    disabled: bool | None = None


def fake_decode_token(token):
    return User(
        username=token + "fakedecoded", email="******@****.***", full_name="John Doe"
    )


async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):